Well that's embarrassing. Thanks Chuck! In my own defense I had read his response and didn't really understand it so it swiftly left my mind. Then suddenly I could access that Attribute and now in hindsight his response makes sense to me.
Feels like half the time I'm defending myself on this forum. But truly if it wasn't for all your contributions I would not have even progressed this far. Thank you. Cheers, Matt -----Original Message----- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Friday, April 15, 2011 3:47 PM To: Tomcat Users List Subject: RE: Found org.apache.catalina.filters.CSRF_NONCE > From: Mathew Samuel [mailto:mathew.sam...@entrust.com] > Subject: Found org.apache.catalina.filters.CSRF_NONCE > now I know that the org.apache.catalina.filters.CSRF_NONCE is not a String > but something else. Actually, Konstantin told you that several hours ago: > > 1) ${session['org.apache.catalina.filters.CSRF_NONCE']} > > 2) The value of the above is some object (a cache) not a String. > > It cannot be used as a <c:param> value. > > 3) c:url already takes care of the nonce, because it calls > > HttpServletResponse.encodeURL(..) Perhaps you should go back and read his complete response: http://marc.info/?l=tomcat-user&m=130287556712594&w=2 - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
