- 🇺🇸 United States greggles Denver, Colorado, USA
I think this is the right status.
There is a known CSRF weakness in the logout menu link. This menu link performs an action (logout the user) without any confirmation or protection. The core issue is "User logout is vulnerable to CSRF" (Fixed).
Due to a bug in the Drupal 6 menu system (#204077: Allow menu links pointing to dynamic paths), it is unlikely that a proper fix will land in D6 in a reasonable period of time. I still have hope that we will fix the Drupal 7 menu system and implement a fix against the CSRF properly there. This is a Drupal 6 specific feature request to implement the same CSRF protection in logintoboggan.
Closed: won't fix
1.0
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
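The protection this issue asks for, as an added framework-independent sketch (not Drupal or logintoboggan code): the logout link carries a token derived from the user's session, and a request without a matching token leaves the session alone. `SITE_KEY`, the session ids, the `/logout` path and all function names are assumptions constructed for this example.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed for the example; a real site keeps a persistent private key server-side.
SITE_KEY = secrets.token_bytes(32)


def logout_token(session_id: str) -> str:
    """Token bound to one session and to the logout action only."""
    msg = f"logout:{session_id}".encode()
    return hmac.new(SITE_KEY, msg, hashlib.sha256).hexdigest()


def logout_link(session_id: str) -> str:
    """The link differs for every session, so it cannot be a static menu path."""
    return "/logout?" + urlencode({"token": logout_token(session_id)})


def handle_logout(url: str, session_id: str, sessions: set) -> str:
    """Hypothetical handler: end the session only when the token matches it."""
    supplied = parse_qs(urlsplit(url).query).get("token", [""])[0]
    expected = logout_token(session_id)
    # Compare as bytes in constant time; non-ASCII input is simply a mismatch.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return "rejected"  # session is left untouched
    sessions.discard(session_id)
    return "logged out"


def demo():
    """Run three constructed requests against the session 'sess-a'."""
    sessions = {"sess-a", "sess-b"}
    results = [
        # Bare link, as a third-party page could embed it: no token.
        handle_logout("/logout", "sess-a", sessions),
        # Token minted for a different session does not validate.
        handle_logout(logout_link("sess-b"), "sess-a", sessions),
        # Link rendered for the user's own session.
        handle_logout(logout_link("sess-a"), "sess-a", sessions),
    ]
    return results, sessions


if __name__ == "__main__":
    print(demo())
```

Because the token is part of the URL and changes per session, the menu link has to point at a dynamic path, which is the Drupal 6 menu limitation the issue refers to.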