-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mathew,
On 4/14/2011 9:58 AM, Mathew Samuel wrote:
> So I do in fact have a reference to the HttpSession related to the
> currently-running request. However I do a "getAttributeNames()" to it
> but the Enumeration I get back is empty (i.e. non-null bu
2011/4/13 Mathew Samuel :
> Hi,
>
> There's an JSP example line given, with respect to using CSRF (Cross-site
> Request Forgery), that showed how one could access the CSRF nonce and include
> it with a URL:
>
> < c:url var="url" value="/show" > < c:param name="id" value="0" / > < c:param
> name=
,
Matt
-Original Message-
From: Mathew Samuel [mailto:mathew.sam...@entrust.com]
Sent: Thursday, April 14, 2011 9:58 AM
To: 'Tomcat Users List'
Subject: RE: Trying to find session.org.apache.catalina.filters.CSRF_NONCE
Hi Chris,
So I do in fact have a reference to the HttpSessio
uot; call had been made to
the HttpSession object?
Cheers,
Matt
-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Wednesday, April 13, 2011 4:24 PM
To: Tomcat Users List
Subject: Re: Trying to find session.org.apache.catalina.filters.CSRF_NONCE
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mathew,
On 4/13/2011 3:21 PM, Mathew Samuel wrote:
> There's an JSP example line given, with respect to using CSRF
> (Cross-site Request Forgery), that showed how one could access the
> CSRF nonce and include it with a URL:
>
> < c:url var="url" valu
Hi,
There's an JSP example line given, with respect to using CSRF (Cross-site
Request Forgery), that showed how one could access the CSRF nonce and include
it with a URL:
< c:url var="url" value="/show" > < c:param name="id" value="0" / > < c:param
name="org.apache.catalina.filters.CSRF_NONCE"
