My application has some advice when there is no session to try and authenticate the user first before trying the link again via an internal redirect (response.sendRedirect). However, the problem when this redirect happens is that the flag on session.isNew() is no longer true, so it fails in the method checkToken: https://github.com/porscheinformatik/tapestry-csrf-protection/blob/master/src/main/java/at/porscheinformatik/tapestry/csrfprotection/internal/CsrfTokenManager.java#L82
Would it be possible to add to this check when the serverToken is null so it returns similar to when session.isNew() is checked? Do you see any problems with returning when the serverToken is null? I tried to override this CsrfTokenManager class on my side but Tapestry cannot seem to override it (as it isn't an interface?)
Thanks