Forum Discussion

Boss

5 months ago

What is FreeMarker user.generateLinkUserToken(<string>)?

user.generateLinkUserToken(<string>) is a not documented method on the custom global user context object the FreeMarker implementation of Khoros provides. calling it with any string argument retur...

MattV

Khoros Staff

5 months ago

That is used by OOB components to prevent CSRF attacks (e.g. tricking a user to click on a url to perform an action they didn't intend to).

I believe the way this works on the backend, that token is included on links that are considered to be privileged (e.g. giving kudos), and it is checked on the server that it is the same value that is expected.

So the only way it would be useful in freemarker, is if you could verify the value.

Alternatively, what we do in Professional Services, is create our own random value, and store it in the user cache. We use that value on URLs that will typically call a custom endpoint. In that custom endpoint, we verify the value being sent with the one in the user cache.

Forum Discussion

What is FreeMarker user.generateLinkUserToken(<string>)?

Related Content

Wait And Sleep in Freemarker

Freemarker/Pagination

Help with Editing a Component with Freemarker

Community Colors Freemarker

dynamic change when changing freemarker variable ?

Recent Discussions

API v1 docs gone since Atlas migration to Aurora

Does anyone know how to change the display title of Custom Fields in Aurora?

Can someone walk me through authenticating and using Postman with Aurora?

Seeking Advice on Restricting Access to a posts to those who have the permalink.

TinyMceEditor is undefined