in reply to Re: Is your web application really secure? ("CSRF")
in thread Is your web application really secure? ("CSRF")
However I regret that this takes much of the coolness and simplicity out of the concept of session cookies because they get kind of useless for POST requests.
well, i think you're right, but IMHO a session cookie is most useful in GET
requests, like viewing a forum thread or something else, so that you can bookmark it easily.
if i had opened a website with a form in it, let the browser window open and
try to send the form the next day i would consider it ok if i then get a message
that the token is expired.