I have a simple chat scenario in my PHP web app. On the other side I have selenium based python script to show automatiom. The purpose is that when someone sends link, the selenium bots clicks on the URL and visits it
The code is that bot logs in using username abc and password abc and a sessiond ID is set in PHP.
When it receives a link it does the windows.open(link) and then returns back to original window
The issue I am facing is that if I send a link against a different domain and that domain posts data to original domain.. the session values are not preserved.. typical csrf scenario.. what I should do in this case