Passing a token securely from one controller method to another
I want to generate a random token for my user. For UX reasons, I want to
generate this token in MyController#new in order to show it in the new view.
Then I need to pass it to the create method. However, I want to prevent the
user from changing it.
I know of 3 ways to do it:
1. pass it as a hidden field
2. pass it through sessions
3. write it to the database, marked as incomplete, then set it to complete in
   the create method
The first two approaches are not secure, while the last is overkill.
Is there a way to securely pass a parameter from the new to the create method
in the controller?
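
One way to make the hidden-field option tamper-evident, as an added example that is not part of the original post: the server signs the value with an HMAC when rendering new and checks the signature in create. The helper names, the field layout and the in-process SECRET are assumptions for illustration; in Rails, ActiveSupport::MessageVerifier provides the same sign-and-verify pattern.

```ruby
require "openssl"
require "securerandom"
require "base64"
require "json"

# Server-side secret (assumption: constructed here so the example runs
# stand-alone; a real app would load it from its secret configuration).
SECRET = SecureRandom.bytes(32)

def hmac(data)
  OpenSSL::HMAC.hexdigest("SHA256", SECRET, data)
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_eq(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# "new" side: generate the token and build the signed hidden-field value.
# Binding the user id and an expiry stops reuse by another user or much later.
def issue_token(user_id, ttl: 900, now: Time.now.to_i)
  token = SecureRandom.urlsafe_base64(16)
  payload = Base64.urlsafe_encode64(
    JSON.generate("t" => token, "u" => user_id, "exp" => now + ttl)
  )
  # "." never occurs in URL-safe Base64 or hex, so it is a safe separator.
  [token, "#{payload}.#{hmac(payload)}"]
end

# "create" side: return the token only if the field is unmodified, unexpired
# and was issued to this user; otherwise nil.
def verify_token(field, user_id, now: Time.now.to_i)
  payload, sig = field.to_s.split(".", 2)
  return nil if payload.nil? || sig.nil?
  return nil unless secure_eq(sig, hmac(payload)) # verify before parsing
  data = JSON.parse(Base64.urlsafe_decode64(payload))
  return nil unless data["u"] == user_id && data["exp"] > now
  data["t"]
rescue ArgumentError, JSON::ParserError
  nil
end
```

The signature detects modification but not resubmission: the same signed value verifies repeatedly until it expires, so single-use enforcement still needs server-side state.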