Facebook Authentication Example CSRF?

The hash (or state) is generated by you for each request to the web service (Facebook) and stored in the session on your server. This hash is sent with the request to Facebook from your website. Facebook sends the exact same hash back as a parameter on the response.

All you do is check if the hash generated before the request matches the one in the response.

MyWebsite      | Facebook
---------------+-----------------
               |
Generate $hash |
Store $hash    |
               |
$hash ----------------------->
               | $hash

Once the request is complete, check the hash from the session and check the hash in the response matches. If they don't match, it's likely to be a forged response (or a broken app).

After you check, clear the var from the session as you won't be needing it again.
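
An added example, not part of the original answer: the generate, store, compare and clear steps described above, written in Python with a plain dict standing in for the server-side session. The endpoint URL, client ID, redirect URI and function names are placeholders chosen for illustration, and the callback URLs are constructed sample input.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Placeholder endpoint and client values (assumptions, not Facebook's real ones).
AUTHORIZE_URL = "https://provider.example/dialog/oauth"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://mywebsite.example/callback"


def begin_login(session: dict) -> str:
    """Generate a fresh state, store it in the session, return the redirect URL."""
    state = secrets.token_urlsafe(32)  # unpredictable, drawn from the OS CSPRNG
    session["oauth_state"] = state
    query = urlencode({"client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI, "state": state})
    return f"{AUTHORIZE_URL}?{query}"


def handle_callback(session: dict, callback_url: str) -> bool:
    """Return True only if the callback carries the state stored for this session."""
    # Pop first: the value is single-use and is cleared whether or not the check passes.
    expected = session.pop("oauth_state", None)
    values = parse_qs(urlparse(callback_url).query).get("state", [])
    if expected is None or len(values) != 1:
        return False  # no login in progress, or state missing or duplicated
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), values[0].encode())


def demo() -> dict:
    """Run the flow on constructed callbacks: genuine, replayed, forged, missing."""
    results = {}
    session = {}
    url = begin_login(session)
    state = parse_qs(urlparse(url).query)["state"][0]
    genuine = f"{REDIRECT_URI}?code=constructed-code&state={state}"
    results["genuine"] = handle_callback(session, genuine)
    results["replayed"] = handle_callback(session, genuine)  # state already cleared
    begin_login(session)
    results["forged"] = handle_callback(session, f"{REDIRECT_URI}?code=x&state=attacker-chosen")
    begin_login(session)
    results["missing"] = handle_callback(session, f"{REDIRECT_URI}?code=x")
    return results


if __name__ == "__main__":
    print(demo())
```

Because the stored value is removed before the comparison, a failed or repeated callback cannot be retried against the same state.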
