
Invalid CSRF Protection Token. What is CSRF?

Cross-site request forgery (CSRF for short) is one of many attacks on websites. With CSRF, a fraudster tricks a user into performing unwanted actions, even on a trustworthy site.

What is CSRF

In a CSRF attack, a hacker tries to send a request on behalf of an authorized user to an address of the hacker's choosing. The simplest and most reliable solution to this problem is the CSRF token. This is a kind of key that is issued to the user for each page, or even each action, and is checked when data is sent to the server. Simply put, the whole algorithm comes down to the following: the client sends the token, and the server compares it with the one it has stored. If the tokens match, the action is allowed. Otherwise, the request is rejected with an error.
The CSRF token is not visible to the user, but is present in the site code.

But a forged request is not the only way to see the error Invalid CSRF Protection Token. As mentioned earlier, the token is generated each time the page is opened. That is, if you have since visited several more pages, or if you have stayed on the current page for too long (e.g. half an hour), the token will be invalid and you will get an error. In this case, you just need to refresh the page and repeat the action.

The CSRF token will also protect you from performing the same action repeatedly when the page is accidentally refreshed.
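The server-side check described above, as an added example that is not code from the original page: it issues a token per page load, compares the submitted token with the stored one, and rejects stale or reused tokens. The names `CsrfTokenStore` and `TOKEN_TTL`, the status strings, and the one-token-per-session simplification are assumptions made for illustration.

```python
import hmac
import secrets
import time

TOKEN_TTL = 30 * 60  # seconds; assumed lifetime, matching the "half an hour" above


class CsrfTokenStore:
    """Per-session store of single-use CSRF tokens (hypothetical helper)."""

    def __init__(self, clock=time.time):
        self._clock = clock   # injectable so expiry can be exercised in tests
        self._tokens = {}     # session_id -> (token, issued_at)

    def issue(self, session_id):
        """Called when a page is rendered; replaces any token issued earlier."""
        token = secrets.token_urlsafe(32)  # unpredictable, so it cannot be guessed
        self._tokens[session_id] = (token, self._clock())
        return token

    def check(self, session_id, submitted):
        """Return 'ok', 'missing', 'expired' or 'mismatch' for a submitted token."""
        entry = self._tokens.get(session_id)
        if entry is None or not submitted:
            return "missing"      # forged request, or token already used
        stored, issued_at = entry
        if self._clock() - issued_at > TOKEN_TTL:
            del self._tokens[session_id]
            return "expired"      # user waited too long; page must be refreshed
        # Constant-time comparison avoids leaking the token through timing.
        if not hmac.compare_digest(stored.encode(), submitted.encode()):
            return "mismatch"     # e.g. token from a page opened earlier
        del self._tokens[session_id]  # single use: a repeated submit is rejected
        return "ok"
```

Any status other than `ok` corresponds to the Invalid CSRF Protection Token error; in the `expired` and `mismatch` cases a page refresh calls `issue` again and the action can be repeated.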
03 Jun 2024, 15:46:10