Using a form token when user isn't logged in
-
13-09-2019 - |
Question
I noticed that a lot of sites send a random token with form posts even though the user is not logged into a service requiring authentication. I understand the use of a token when you have an authenticated session, but what is the point in sending one when they aren't authenticated?
Is it common practice to create a session when a user isn't logged in and pair a token to it?
Thanks,
Solution
Yes, it is common to track where visitors go, storing search results, or shopping cart information. Sessions can be used for a lot more than just authentication.
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow