Hi all, When trying to perform operations through admin console, once the session is expired we are getting a 403 from admin console. Seems like this occurs due to CSRF filter blocking the request since the session is no longer available at the server side.
[2016-07-06 15:34:27,576] WARN {org.owasp.csrfguard.log.JavaLogger} - potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:127.0.0.1, method:POST, uri:/carbon/userprofile/set-finish-ajaxprocessor.jsp, error:request token does not match session token) -- Hasintha Indrajee WSO2, Inc. Mobile:+94 771892453
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev