Hi team,

Thanks to Nicolay Garanko's explanation, I can understand his implementation (boss_csrf_filter.erl) and can use it smoothly. He also provides a simple app to test boss_form and boss_csrf_filter: github.com/ngaranko/r2d2

I noticed that csrf_token doesn't change after refreshing /public/login, even after deleting cookies. The problem is that random:uniform(64) returns a constant.

Reference: http://pdincau.wordpress.com/2012/02/15/how-to-generate-random-numbers-in-erlang/

Solution: We have to call random:seed(now()) before each random:uniform(64)

Regards,
Cuong Th.
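
The behaviour reported above, as an added example that is not part of the original message and not code from boss_csrf_filter.erl: every fresh process that calls `random:uniform/1` without seeding starts from the same default seed, so each one produces the same sequence. The module and function names are hypothetical, and the example assumes the deprecated `random` module is still present in the OTP release in use. A seed taken from the clock makes the values vary but ties them to the time of the request, so the token in this sketch is drawn from `crypto:strong_rand_bytes/1` instead.

```erlang
%% Added illustration; module and function names are hypothetical.
-module(csrf_token_demo).
-export([unseeded_in_fresh_process/0, token/0, demo/0]).

%% Draw eight values with random:uniform(64) inside a brand-new process,
%% as a per-request process would, without calling random:seed/1 first.
unseeded_in_fresh_process() ->
    Parent = self(),
    Ref = make_ref(),
    spawn(fun() ->
        Seq = [random:uniform(64) || _ <- lists:seq(1, 8)],
        Parent ! {Ref, Seq}
    end),
    receive
        {Ref, Result} -> Result
    after 1000 ->
        timeout
    end.

%% CSRF token from the operating system CSPRNG: 32 random bytes,
%% hex-encoded so the value is safe in a form field or a cookie.
token() ->
    Bytes = crypto:strong_rand_bytes(32),
    lists:flatten([io_lib:format("~2.16.0b", [B]) || <<B>> <= Bytes]).

%% Print both behaviours side by side.
demo() ->
    A = unseeded_in_fresh_process(),
    B = unseeded_in_fresh_process(),
    io:format("unseeded, process 1: ~w~n", [A]),
    io:format("unseeded, process 2: ~w~n", [B]),
    io:format("identical sequences: ~w~n", [A =:= B]),
    T1 = token(),
    T2 = token(),
    io:format("token 1: ~s~ntoken 2: ~s~n", [T1, T2]),
    io:format("CSPRNG tokens differ: ~w~n", [T1 =/= T2]).
```

Compile with `erlc csrf_token_demo.erl` and call `csrf_token_demo:demo().` from the Erlang shell.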
