Block Expired Anti-CSRF Tokens

  • Release version: Australia
  • Updated March 12, 2026
  • Block expired CSRF tokens to prevent cross-site request forgery attacks.

    The glide.security.csrf_previous.allow system property allows an expired secure token to be used to identify and validate incoming requests. The secure token is what protects against cross-site request forgery attacks.

    Ensure that the property glide.security.csrf_previous.allow is set to false.

    More information

    Attribute                        Description
    Configuration name               glide.security.csrf_previous.allow
    Configuration type               System Properties (/sys_properties_list.do)
    Data type                        Boolean
    Recommended value                false
    Default value                    false
    Fallback value                   true
    Category                         Access control
    Security risk                    • Severity score: 6.5
                                     • CVSS rating: Medium
                                     • Security risk details: Allowing the use of previous or expired CSRF tokens exposes the application to replay attacks, enabling attackers to reuse valid requests and potentially perform unauthorized actions on behalf of legitimate users.
    Functional impact                None
    Dependencies and prerequisites   None
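
A check for the recommended setting, as an added example that is not ServiceNow's code: it evaluates the JSON body of a Table API query on sys_properties for this property and fails when the value is true, unparsable, or absent. Assumptions: the fallback value in the table above applies when no record exists, the function names are illustrative, and the sample responses are constructed.

```javascript
// Input is the JSON body of a Table API query on sys_properties, e.g.
//   GET /api/now/table/sys_properties?sysparm_query=name=<PROPERTY>&sysparm_fields=name,value
const PROPERTY = 'glide.security.csrf_previous.allow';
const RECOMMENDED = false; // "Recommended value" from the table
const FALLBACK = true;     // "Fallback value" from the table; ASSUMED to apply when no record exists

// Boolean properties are stored as strings; tolerate case and whitespace.
function parseBool(raw) {
  const v = String(raw).trim().toLowerCase();
  if (v === 'true') return true;
  if (v === 'false') return false;
  return null; // not a recognisable boolean
}

// Returns { compliant, effective, reason } for one API response body.
function auditCsrfPrevious(responseBody) {
  const parsed = JSON.parse(responseBody) || {};
  const rows = (Array.isArray(parsed.result) ? parsed.result : [])
    .filter((r) => r && r.name === PROPERTY);
  if (rows.length === 0) {
    return { compliant: FALLBACK === RECOMMENDED, effective: FALLBACK,
             reason: 'no record; fallback value assumed' };
  }
  const values = rows.map((r) => parseBool(r.value));
  if (values.includes(null)) {
    // Audit choice: an unreadable value is reported as a failure, not guessed.
    return { compliant: false, effective: null, reason: 'value is not true/false' };
  }
  // More than one record: fail if any of them allows expired tokens.
  const effective = values.some((v) => v === true);
  return { compliant: effective === RECOMMENDED, effective,
           reason: rows.length > 1 ? 'multiple records' : 'explicit value' };
}

// Constructed sample responses (not captured from a real instance).
const SAMPLES = {
  hardened: '{"result":[{"name":"glide.security.csrf_previous.allow","value":"false"}]}',
  weak:     '{"result":[{"name":"glide.security.csrf_previous.allow","value":" True "}]}',
  missing:  '{"result":[]}',
  garbled:  '{"result":[{"name":"glide.security.csrf_previous.allow","value":""}]}',
};

for (const [label, body] of Object.entries(SAMPLES)) {
  const r = auditCsrfPrevious(body);
  console.log(`${label}: ${r.compliant ? 'PASS' : 'FAIL'} (${r.reason})`);
}
```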