> From: Mathew Samuel [mailto:mathew.sam...@entrust.com]
> Subject: Found org.apache.catalina.filters.CSRF_NONCE

> now I know that the org.apache.catalina.filters.CSRF_NONCE is not a String
> but something else.

Actually, Konstantin told you that several hours ago:

> > 1) ${session['org.apache.catalina.filters.CSRF_NONCE']}
> > 2) The value of the above is some object (a cache) not a String.
> > It cannot be used as a <c:param> value.
> > 3) c:url already takes care of the nonce,
> > because it calls HttpServletResponse.encodeURL(..)

Perhaps you should go back and read his complete response:
http://marc.info/?l=tomcat-user&m=130287556712594&w=2

 - Chuck
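The three points quoted in this reply, as a small self-contained model added here for illustration (it is not Tomcat source and not code from the thread): the session attribute holds a bounded cache of issued nonces, the link gets its nonce from an `encodeURL`-style call, and a request is accepted only when its nonce is in that cache. The class `CsrfNonceModel`, its methods, the cache capacity and the sample URL are all hypothetical, and a plain `Map` stands in for the HTTP session.

```java
import java.security.SecureRandom;
import java.util.*;

// Simplified model, not Tomcat source; class and method names are hypothetical.
public class CsrfNonceModel {
    static final String NONCE_KEY = "org.apache.catalina.filters.CSRF_NONCE";
    static final SecureRandom RNG = new SecureRandom();

    // Bounded cache of recently issued nonces: the session holds this object, not a String.
    static class NonceCache extends LinkedHashMap<String, Boolean> {
        private final int capacity;
        NonceCache(int capacity) { this.capacity = capacity; }
        @Override protected boolean removeEldestEntry(Map.Entry<String, Boolean> eldest) {
            return size() > capacity;
        }
    }

    // Stand-in for the filter's per-request step: create a nonce and remember it.
    static String issueNonce(Map<String, Object> session) {
        NonceCache cache = (NonceCache) session.computeIfAbsent(NONCE_KEY, k -> new NonceCache(5));
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String nonce = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        cache.put(nonce, Boolean.TRUE);
        return nonce;
    }

    // Stand-in for the wrapped response's encodeURL(..): append the nonce to the link.
    static String encodeURL(String url, String nonce) {
        return url + (url.contains("?") ? "&" : "?") + NONCE_KEY + "=" + nonce;
    }

    // Stand-in for the filter's check when the link is followed.
    static boolean accept(Map<String, Object> session, String nonceParam) {
        Object cache = session.get(NONCE_KEY);
        return nonceParam != null && cache instanceof NonceCache
                && ((NonceCache) cache).containsKey(nonceParam);
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>();   // constructed sample session
        String nonce = issueNonce(session);
        System.out.println(encodeURL("/app/transfer?id=7", nonce));
        Object attr = session.get(NONCE_KEY);            // what the EL expression yields
        System.out.println("attribute is a String: " + (attr instanceof String));
        System.out.println("nonce from encodeURL accepted: " + accept(session, nonce));
        System.out.println("stringified cache accepted: " + accept(session, String.valueOf(attr)));
        System.out.println("link without nonce accepted: " + accept(session, null));
    }
}
```

In a JSP behind the filter, the practical consequence is to build protected links with `<c:url>` alone and not to pass the session attribute through `<c:param>`.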