-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mathew,
On 4/13/2011 3:21 PM, Mathew Samuel wrote: > There's an JSP example line given, with respect to using CSRF > (Cross-site Request Forgery), that showed how one could access the > CSRF nonce and include it with a URL: > > < c:url var="url" value="/show" > < c:param name="id" value="0" / > < > c:param name="org.apache.catalina.filters.CSRF_NONCE" > value="${session.org.apache.catalina.filters.CSRF_NONCE}" / >< /c:url > >< a href="${show}">Show< /a > > > How may I access this session.org.apache.catalina.filters.CSRF_NONCE > value from within a pure Java context? Would it be part of some sort > of Java Session object from which one of the attributes would be > org.apache.catalina.filters.CSRF_NONCE? The session here is the HttpSession related to the currently-running request. So, if you don't have a reference to the HttpSession object, you are probably out of luck. Once you have the session, the value bound to the key "org.apache.catalina.filters.CSRF_NONCE" will be ... whatever that is supposed to be :) - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2mBlgACgkQ9CaO5/Lv0PC2EACgv/RVMluFGtvkmWeSDBlgrkz8 18IAn1yJ+x8BtFHMJTIc7WIgRO59e1Y7 =U93T -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org