-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mathew,
On 4/14/2011 9:58 AM, Mathew Samuel wrote: > So I do in fact have a reference to the HttpSession related to the > currently-running request. However I do a "getAttributeNames()" to it > but the Enumeration I get back is empty (i.e. non-null but empty so > that a "hasMoreElements()" call to the HttpSession object says > "false"). > > The "org.apache.catalina.filters.CSRF_NONCE" key should be an > attribute correct? Tomcat "hides" certain session attributes from the enumeration returned by getAttributeNames. It's possible that this is one of them. Can you try to query it directly? Check out the code for the filter to see how it's used: http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_12/java/org/apache/catalina/filters/CsrfPreventionFilter.java > Although it is quite likely that I'm doing something wrong as I > wouldn't figure that the Enumeration returned by > "getAttributeNames()" would be empty although a "getId()" call to the > HttpSession object is at least returning something so I know there is > an actual HttpSession object present anyways. That is definitely good. > So yeah should "org.apache.catalina.filters.CSRF_NONCE" be listed as > on of the attributes I would get back if a "getAttributeNames()" call > had been made to the HttpSession object? Maybe :) - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2omVQACgkQ9CaO5/Lv0PBfeACgvIuY+KtmyJoBAwfh6knsmIyM CZMAn2ZD5OSJp+fWTjEyonAbK3rclxBH =bf/N -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
