Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] Is there any CSRF protection/filters in jetty ?
Hi Jan,
Thanks for letting us know. I will explore this and see if it meets my requirements.

On Sun, Feb 5, 2012 at 10:56 PM, Jan Bartel <janb@xxxxxxxxxxx> wrote:
Amaltas,

I don't know what I was talking about, jetty does implement CSRF
protection, and it is in fact enabled by default!

See comments I updated on the issue:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=370385

Jan

On 2 February 2012 12:47, Jan Bartel <janb@xxxxxxxxxxx> wrote:
> Amaltas,
>
> See https://bugs.eclipse.org/bugs/show_bug.cgi?id=370385.
>
> In the meanwhile, you can disable putting session ids in links by
> calling SessionManager.setSessionIdPathParameterName(null);
>
> Or alternatively, invalidate and recreate a new session, copying
> across attributes in a filter/servlet/jsp etc.
>
> regards
> Jan
>
> On 2 February 2012 10:17, Amaltas <amaltas@xxxxxxxxxxx> wrote:
>>
>>
>> _______________________________________________
>> jetty-users mailing list
>> jetty-users@xxxxxxxxxxx
>> https://dev.eclipse.org/mailman/listinfo/jetty-users
>>
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/jetty-users

Back to the top