Hi Chris, So I do in fact have a reference to the HttpSession related to the currently-running request. However I do a "getAttributeNames()" to it but the Enumeration I get back is empty (i.e. non-null but empty so that a "hasMoreElements()" call to the HttpSession object says "false").
The "org.apache.catalina.filters.CSRF_NONCE" key should be an attribute correct? Although it is quite likely that I'm doing something wrong as I wouldn't figure that the Enumeration returned by "getAttributeNames()" would be empty although a "getId()" call to the HttpSession object is at least returning something so I know there is an actual HttpSession object present anyways. So yeah should "org.apache.catalina.filters.CSRF_NONCE" be listed as on of the attributes I would get back if a "getAttributeNames()" call had been made to the HttpSession object? Cheers, Matt -----Original Message----- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Wednesday, April 13, 2011 4:24 PM To: Tomcat Users List Subject: Re: Trying to find session.org.apache.catalina.filters.CSRF_NONCE -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mathew, On 4/13/2011 3:21 PM, Mathew Samuel wrote: > There's an JSP example line given, with respect to using CSRF > (Cross-site Request Forgery), that showed how one could access the > CSRF nonce and include it with a URL: > > < c:url var="url" value="/show" > < c:param name="id" value="0" / > < > c:param name="org.apache.catalina.filters.CSRF_NONCE" > value="${session.org.apache.catalina.filters.CSRF_NONCE}" / >< /c:url > >< a href="${show}">Show< /a > > > How may I access this session.org.apache.catalina.filters.CSRF_NONCE > value from within a pure Java context? Would it be part of some sort > of Java Session object from which one of the attributes would be > org.apache.catalina.filters.CSRF_NONCE? The session here is the HttpSession related to the currently-running request. So, if you don't have a reference to the HttpSession object, you are probably out of luck. Once you have the session, the value bound to the key "org.apache.catalina.filters.CSRF_NONCE" will be ... whatever that is supposed to be :) - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2mBlgACgkQ9CaO5/Lv0PC2EACgv/RVMluFGtvkmWeSDBlgrkz8 18IAn1yJ+x8BtFHMJTIc7WIgRO59e1Y7 =U93T -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
