2011/4/13 Mathew Samuel mathew.sam...@entrust.com:
Hi,
There's an JSP example line given, with respect to using CSRF (Cross-site
Request Forgery), that showed how one could access the CSRF nonce and include
it with a URL:
c:url var=url value=/show c:param name=id value=0 / c:param
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mathew,
On 4/14/2011 9:58 AM, Mathew Samuel wrote:
So I do in fact have a reference to the HttpSession related to the
currently-running request. However I do a getAttributeNames() to it
but the Enumeration I get back is empty (i.e. non-null but
: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Wednesday, April 13, 2011 4:24 PM
To: Tomcat Users List
Subject: Re: Trying to find session.org.apache.catalina.filters.CSRF_NONCE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mathew,
On 4/13/2011 3:21 PM, Mathew Samuel wrote:
There's
-Original Message-
From: Mathew Samuel [mailto:mathew.sam...@entrust.com]
Sent: Thursday, April 14, 2011 9:58 AM
To: 'Tomcat Users List'
Subject: RE: Trying to find session.org.apache.catalina.filters.CSRF_NONCE
Hi Chris,
So I do in fact have a reference to the HttpSession related
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mathew,
On 4/13/2011 3:21 PM, Mathew Samuel wrote:
There's an JSP example line given, with respect to using CSRF
(Cross-site Request Forgery), that showed how one could access the
CSRF nonce and include it with a URL:
c:url var=url value=/show
