diff --git a/submit.yml.erb b/submit.yml.erb
index c7eb4cd..0533548 100644
--- a/submit.yml.erb
+++ b/submit.yml.erb
@@ -1,3 +1,8 @@
---
batch_connect:
template: "basic"
+ conn_params:
+ - host
+ - port
+ - password
+ - csrf_token
diff --git a/template/before.sh.erb b/template/before.sh.erb
index 2c4920e..d26eb34 100755
--- a/template/before.sh.erb
+++ b/template/before.sh.erb
@@ -7,3 +7,6 @@ port=$(find_port ${host})
# Define a password and export it for RStudio authentication
password="$(create_passwd 16)"
export RSTUDIO_PASSWORD="${password}"
+
+# Define a CSRF (cross site request forgery) token to be added to HTML form and cookie
+csrf_token="$(create_passwd 32)"
diff --git a/template/bin/auth b/template/bin/auth
index 1695a43..3dbaa46 100755
--- a/template/bin/auth
+++ b/template/bin/auth
@@ -1,7 +1,7 @@
#!/usr/bin/env bash
-# Confirm username is supplied
-if [[ $# -ne 1 ]]; then
+# Confirm username is supplied. All other args are ignored
+if [[ $# -le 1 ]]; then
echo "Usage: auth USERNAME"
exit 1
fi
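Review bot: The new guard `[[ $# -le 1 ]]` rejects a call with exactly one argument, so `auth USERNAME` now prints the usage line and exits 1. That contradicts both the usage text and the updated comment, which says extra arguments are ignored. If the intent is to accept a username plus any number of further arguments, the test should be `if [[ $# -lt 1 ]]; then`. If the caller always passes more than one argument, the usage message and comment should say that instead. This script is presumably the helper given to `--auth-pam-helper-path`, so its argument contract decides whether logins succeed; the rest of the script lies outside the hunk.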
diff --git a/template/script.sh.erb b/template/script.sh.erb
index 45b91b8..9cc3235 100755
--- a/template/script.sh.erb
+++ b/template/script.sh.erb
@@ -46,6 +46,7 @@ cd "${HOME}"
export TMPDIR="$(mktemp -d)"
+# https://docs.posit.co/ide/server-pro/admin/access_and_security/cookies.html
mkdir -p "$TMPDIR/rstudio-server"
python -c 'from uuid import uuid4; print(uuid4())' > "$TMPDIR/rstudio-server/secure-cookie-key"
chmod 0600 "$TMPDIR/rstudio-server/secure-cookie-key"
@@ -59,6 +60,7 @@ singularity run -B "$TMPDIR:/tmp" "$RSTUDIO_SERVER_IMAGE" \
--auth-none 0 \
--auth-pam-helper-path "${RSTUDIO_AUTH}" \
--auth-encrypt-password 0 \
- --rsession-path "${RSESSION_WRAPPER_FILE}"
+ --rsession-path "${RSESSION_WRAPPER_FILE}" \
+ --secure-cookie-key-file /tmp/secure-cookie-key
echo 'Singularity as exited...'
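Review bot: `--secure-cookie-key-file /tmp/secure-cookie-key` does not match where the key is written. The earlier hunk creates it at `$TMPDIR/rstudio-server/secure-cookie-key`, and with the bind `-B "$TMPDIR:/tmp"` that file appears inside the container as `/tmp/rstudio-server/secure-cookie-key`. Unless lines outside these hunks place a copy at the other path, the server is pointed at a location that does not hold the prepared 0600 key. The flag should probably read `--secure-cookie-key-file /tmp/rstudio-server/secure-cookie-key`. The `singularity run` command starts outside the hunk.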
diff --git a/view.html.erb b/view.html.erb
index cf8923f..10e4e63 100644
--- a/view.html.erb
+++ b/view.html.erb
@@ -3,7 +3,11 @@
+
+