Spring CSRF令牌寿命 [英] Spring CSRF token life

问题描述

我正在按照 doc

我的一个问题是：何时该令牌将因Spring安全性而失效？
对于每个提交的请求，令牌都会失效吗？

One question I have is: When this token will get invalidated by the Spring security? Does the token gets invalidated for each request submit?

推荐答案

默认情况下，CSRF令牌存储在HTTP会话中并基于每个会话生成。请参阅官方Spring Security文档更多细节。因此，CSRF令牌的默认生命周期是会话持续时间。

By default the CSRF token is stored in the HTTP session and is generated on a per-session basis. See the official Spring Security documentation for more details. Therefore, the default lifecycle of CSRF tokens is the session duration.

与Spring Security中的所有其他功能一样，可以自定义CSRF令牌的存储和检索以适应个人需求。为此，需要为 CsrfTokenRepository 创建一个实现。自定义实现可以根据每个请求更改令牌，将令牌存储在关系数据库中，依此类推。

Like everything else in Spring Security, the storage and retrieval of CSRF tokens can be customized to suit individual needs. The way to do that would involve creating an implementation for CsrfTokenRepository. Custom implementations could change the token on a per request basis, store the token in a relational database, and so on.

这篇关于Spring CSRF令牌寿命的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！