Re: [jetty-users] Is there any CSRF protection/filters in jetty ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jetty-users] Is there any CSRF protection/filters in jetty ?

From: Jan Bartel <janb@xxxxxxxxxxx>
Date: Thu, 2 Feb 2012 12:47:31 +1100
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jetty-users>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>

Amaltas,

See https://bugs.eclipse.org/bugs/show_bug.cgi?id=370385.

In the meanwhile, you can disable putting session ids in links by
calling SessionManager.setSessionIdPathParameterName(null);

Or alternatively, invalidate and recreate a new session, copying
across attributes in a filter/servlet/jsp etc.

regards
Jan

On 2 February 2012 10:17, Amaltas <amaltas@xxxxxxxxxxx> wrote:
>
>
> _______________________________________________
> jetty-users mailing list
> jetty-users@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/jetty-users
>

Follow-Ups:
- Re: [jetty-users] Is there any CSRF protection/filters in jetty ?
  - From: Jan Bartel

References:
- [jetty-users] Is there any CSRF protection/filters in jetty ?
  - From: Amaltas

Prev by Date: [jetty-users] Is there any CSRF protection/filters in jetty ?
Next by Date: Re: [jetty-users] Jetty releases 7.6.0 and 8.1.0
Previous by thread: [jetty-users] Is there any CSRF protection/filters in jetty ?
Next by thread: Re: [jetty-users] Is there any CSRF protection/filters in jetty ?
Index(es):
- Date
- Thread

Breadcrumbs