Synchronizer-Token-Patterns
![Image](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjP-n1e68DFDh5VWLEIemLLuVqqMNtFxkf1dab_CuGYs_oXG5q1Xdi0Hd0n9dNYRhc1eE8xABLy0766rBhQ-HKGcr8zX4-gdqwenucBewKzB36jHPud2SKr1IFLfdN_2HUD7q0mXHjoRw4/s640/CSRFAttackw.jpg)
The Encrypted Token Pattern is a defense mechanism against Cross-Site Request Forgery (CSRF) attacks, and is an alternative to its sister patterns, Synchronizer Token and Double Submit Cookie. Each of these patterns has the same objectives:

- To ensure that any given HTTP request originated from a trustworthy source
- To uniquely identify the user that issued the HTTP request

In the first instance, the need to ensure that requests originate from a trustworthy source is an obvious requirement. Essentially, we need to guarantee that any given request has originated not only from the user's web browser, but also from a non-malicious link or connection.

Once you have verified that the request appears to be a same-origin request so far, we recommend a second check as an additional precaution to really make sure. This second check can involve custom defense mechanisms using CSRF-specific tokens created and verified by your applicati...
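
The two checks described above, sketched as a Synchronizer Token verification (an added example, not code from the original post). The origin `https://app.example`, the in-memory `SESSIONS` store, the `csrf_token` field name and all function names are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumption: the application's own origin (constructed value).
TRUSTED_ORIGIN = "https://app.example"

# Assumption: in-memory session store keyed by session id; a real
# application would use its framework's server-side session storage.
SESSIONS = {}


def start_session(user):
    """Create a session and a CSRF token that is stored only server-side."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return session_id


def csrf_token_for(session_id):
    """Token the server embeds in a hidden form field for this session."""
    return SESSIONS[session_id]["csrf"]


def same_origin(headers):
    """First check: Origin (Referer as fallback) must match our own origin."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # design choice in this sketch: reject if both are absent
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == TRUSTED_ORIGIN


def authorize(session_id, headers, form):
    """Return the identified user if both checks pass, otherwise None."""
    session = SESSIONS.get(session_id)
    if session is None or not same_origin(headers):
        return None
    submitted = form.get("csrf_token", "")
    # Second check: constant-time comparison against the server-side copy.
    if not hmac.compare_digest(submitted.encode(), session["csrf"].encode()):
        return None
    return session["user"]
```

Because the token is looked up through the session, a token issued to one user is rejected when replayed with another user's session, which covers the second objective of identifying who issued the request.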