In some situations a new session was created because the user was logging
in/out. Could I copy the old CSRF-token into the new session, or would
there be any security leak?
In other cases the user was not logging in/out and didn't get a new
session. Maybe the page was cached in the browser, so
You're right, sorry..
Am Freitag, 19. April 2013 09:25:39 UTC+2 schrieb Frederick Cheung:
>
> On Thursday, April 18, 2013 10:42:07 PM UTC+1, Martin Luy wrote:
> > any comments?
>
> Why would opening a new tab get you a different csrf token?
>
> Fred
>
>
--
You received this message because you a
On 19/04/13 16:25, Frederick Cheung wrote:
On Thursday, April 18, 2013 10:42:07 PM UTC+1, Martin Luy wrote:
any comments?
Why would opening a new tab get you a different csrf token?
Fred
Does the new tab re-request the page?
--
You received this message because you are subscribed to the Goo
On Thursday, April 18, 2013 10:42:07 PM UTC+1, Martin Luy wrote:
> any comments?
Why would opening a new tab get you a different csrf token?
Fred
--
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To unsubscribe from this group and stop re
any comments?
--
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to rubyonrails-talk+unsubscr...@googlegroups.com.
To post to this group, send email to rubyonra
5 matches
Mail list logo