Security is significant for an online ecommerce store. There is a dangerous attack called CSRF – Cross-Site Request Forgery. You can find a description of it at http://en.wikipedia.org/wiki/Cross-site_request_forgery. The login action in the bootstrap template is vulnerable to CSRF.
If a customer has logged into your store successfully, a validated login cookie for your store will be stored in his browser. After that, all the bad guy needs to do is get that browser to make a request to your store on the customer's behalf.
So, we have to generate a security token and add it to the login form. When the login data is posted to the server, we check the token again to prevent the potential attack. If the token is missing or does not match the token stored in the session, the script is stopped automatically.
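The token scheme described above, as an added PHP illustration (this is not the code contained in the patch; the session key, field name and function names are assumptions):

```php
<?php
// Added illustration of the generate-and-verify token scheme; not the
// TomatoCart patch itself. Session key, field and function names are assumed.
session_start();

// Generate a random token once per session and keep it server-side.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden field to place inside the login form.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Stop the script if the posted token is missing or does not match the session.
// hash_equals() compares in constant time, so the check does not leak timing.
function csrf_check(array $post): void
{
    $expected = $_SESSION['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    if ($expected === '' || !is_string($given) || !hash_equals($expected, $given)) {
        http_response_code(403);
        exit('Invalid security token.');
    }
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    csrf_check($_POST);   // must run before the credentials are processed
    // ... normal login handling continues here ...
} else {
    echo '<form method="post" action="">' . csrf_field()
       . '<input name="email"><input type="password" name="password">'
       . '<button>Login</button></form>';
}
```

A forged cross-site request cannot read the victim's session, so it cannot supply a matching token and is rejected before the login logic runs.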
Step 1. Download the security patch from https://www.dropbox.com/s/35lb5tkheqb887h/crsf.zip?dl=0
Step 2. Unzip it and you will find the following three folders in it:
Step 3. Just copy these three folders into your TomatoCart root directory to override the original ones.
That’s it. After completing the three steps above, the security token will be generated automatically to prevent the potential attack.