Question

I noticed that a lot of sites send a random token with form posts even though the user is not logged into a service requiring authentication. I understand the use of a token when you have an authenticated session, but what is the point in sending one when they aren't authenticated?

Is it common practice to create a session when a user isn't logged in and pair a token to it?

Thanks,

Solution

Yes, it is common to track where visitors go, or to store search results or shopping cart information. Sessions can be used for a lot more than just authentication.
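The pairing the question asks about, as an added sketch that is not part of the original answer: a session is created for a visitor who has not logged in, a form token is bound to it, and a post is accepted only when the two match. The function names, the in-memory `SESSIONS` store and the HMAC binding are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-deployment secret that never leaves the server.
SERVER_KEY = secrets.token_bytes(32)
# Assumption: in-memory store for the sketch; maps session id -> session state.
SESSIONS = {}


def start_anonymous_session():
    """Create a session for a visitor who is not logged in (cart, search state)."""
    sid = secrets.token_urlsafe(32)          # value carried in the session cookie
    SESSIONS[sid] = {"user": None, "cart": []}
    return sid


def issue_form_token(sid):
    """Token placed in the form as a hidden field, bound to this session id."""
    return hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()


def handle_post(sid, form_token, item):
    """Apply the form post only if its token was issued for the cookie's session."""
    if sid not in SESSIONS or not isinstance(form_token, str):
        return False
    expected = issue_form_token(sid)
    # Constant-time comparison on bytes, so any submitted string is handled safely.
    if not hmac.compare_digest(expected.encode(), form_token.encode()):
        return False
    SESSIONS[sid]["cart"].append(item)
    return True


if __name__ == "__main__":
    visitor = start_anonymous_session()
    token = issue_form_token(visitor)
    print(handle_post(visitor, token, "book"))       # token matches the session
    print(handle_post(visitor, "guessed", "book"))   # token does not match
```

The session here holds no identity at all (`"user": None`); the token only ties a submitted form to the browser session that was served it.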

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow