Anti-CSRF token validation time

Release version: Australia

Updated March 12, 2026

1 minute to read

The glide.security.csrf_previous.time_limit property specifies the time in seconds for a secure token to expire.

The glide.security.csrf_previous.time_limit system property determines the time in seconds for a secure token to expire. When the user session expires, the secure token expires with it, unless the allowing reuse of expired tokens property is enabled, and its within the time frame described by this property. This token is used to prevent cross site request forgery attacks.

Ensure that the glide.security.csrf_previous.time_limit property is set to 86400 seconds (1 day).

More information


Attribute	Description
Configuration name	glide.security.csrf_previous.time_limit
Configuration type	System Properties (/sys_properties_list.do)
Data type	integer
Recommended value	86400
Default value	<none>
Fallback value	86400
Category	Access control
Security risk	Severity score: 5.3 CVSS score: Medium Security risk details: The time limit for a CSRF token to expire defines how long the token remains valid for verifying legitimate user requests; if set too long, it increases the risk that an attacker could reuse a stolen token to perform unauthorized actions, while a shorter expiration window reduces this risk by narrowing the attack window.
Dependencies and prerequisites	None
Functional impact	This property determines the duration in seconds for a secure token to remain valid. The secure token expires when the user session expires unless the allowing reuse of expired tokens property is enable, and the token is within the time frame specified in this property. This token prevents cross-site request forgery attacks. It has a default value of 86400 seconds or 1 day.