Block Expired Anti-CSRF Tokens

Australia Platform security

Release

australia

ft:locale

en-US

ft:publication_title

Australia Platform security

ft:clusterId

psec

bundleId

psec

workflow

Platform

Block Expired Anti-CSRF Tokens

Release version: Australia

Updated March 12, 2026

1 minute to read

Block expired CSRF tokens to prevent cross-site request forgery attacks.

The glide.security.csrf_previous.allow system property enables use of an expired secure token to identify and validate incoming requests. This token is used to prevent cross-site request forgery attacks.

Ensure that the property glide.security.csrf_previous.allow is set to false.

More information


Attribute	Description
Configuration name	glide.security.csrf_previous.allow
Configuration type	System Properties (/sys_properties_list.do)
Data type	Boolean
Recommended value	false
Default value	false
Fallback value	true
Category	Access control
Security risk	Severity score: 6.5 CVSS rating: Medium Security risk details: Allowing the use of previous or expired CSRF tokens exposes the application to replay attacks, enabling attackers to reuse valid requests and potentially perform unauthorized actions on behalf of legitimate users.
Functional impact	None
Dependencies and prerequisites	None