> From: Mathew Samuel [mailto:mathew.sam...@entrust.com] 
> Subject: Found org.apache.catalina.filters.CSRF_NONCE

> now I know that the org.apache.catalina.filters.CSRF_NONCE is not a String 
> but something else.

Actually, Konstantin told you that several hours ago:

> > 1) ${session['org.apache.catalina.filters.CSRF_NONCE']}
> > 2) The value of the above is some object (a cache) not a String.
> > It cannot be used as a <c:param> value.
> > 3) c:url already takes care of the nonce,
> > because it calls HttpServletResponse.encodeURL(..)

Perhaps you should go back and read his complete response:
http://marc.info/?l=tomcat-user&m=130287556712594&w=2

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to