Any reason to have a session id on the form?

Question

Is there any reason to put the session id on the form as a hidden form field?

Thanks to everyone! :)

+4

Radianthex Apr 2 '10 at 14:25

2 answers

The only reason is to maintain session state for all users, including those with cookies disabled.

+2

Andre Goncalves Apr 2 '10 at 14:27

David · Accepted Answer · 2010-04-02T14:27:41+0000

This is part of one of the possible ways to prevent against attacks such as sub - forgery.

It can also be used in the "Double cookie sending" method mentioned at the bottom of the page linked above.