https://issues.apache.org/bugzilla/show_bug.cgi?id=55526
Bug ID: 55526
Summary: Overly eager CSRF protection in manager app
Product: Tomcat 7
Version: 7.0.28
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Manager
Assignee: [email protected]
Reporter: [email protected]
Using browser tabs or the back button in the manager app will occasionally
result in incorrect forbidden errors.
Steps to reproduce:
1. Open the Session list for a webapp
2. Click on a session id
3. Click the back-button
4. Click on a session id
5. Click the back-button
6. Click on a session id
7. Click the back-button
Expected result: The browser displays the session list
Observed result: 403 Forbidden.