Last updated 2023-03-07 09:34:33

What Is A CSRF Token?

Table of contents


A Cross-Site Forgery(CSRF) Token is a special encrypted string that is sent back from the server side to the client side or frontend [→] of a web application. The token is sent back again from the frontend to the server side whenever a user fills out a form. The goal is to ensure that a form can only be submitted by the user who initially requested it.

The token typically has an expiry date and a new one is generated each time the user revisits the page.

Use Cases and Examples

As mentioned above the main goal of this token is to ensure that the original user who requested the form is the one submitting the data later on.

Once a user is logged into an application, an attacker can hijack the session and submit data on that user's behalf. With the token in place even if the user has a live session but the token is expired they won't be able to submit data to the server.


CSRF Tokens are mostly used with web forms, other types of tokens serve the same purpose but have different implementations. For example JWT [→] is used mostly with APIs [→]

Here is another article you might like 😊 "What Is Continuous Integration CI"