Ticket #2198 (closed enhancement: fixed)

Opened 2 months ago

Last modified 7 weeks ago

Implement double cookie submission pattern

Reported by: Marc Englund
Owned by: Marc Englund
Priority: major
Milestone: User Interface Library 5.3.0 RC
Component: undefined
Version: 5.2.11
Affects documentation: no
Affects release notes: no

Description

We should really implement the double cookie submission pattern even if we're handling the situation in a different way already; it's a well-known pattern, and people are bound to ask if we implement it (and might assume it's the only way).

Change History

Changed 2 months ago by Marc Englund

  • status changed from new to closed
  • resolution set to fixed

Fixed in [5855].

Changed 2 months ago by Marc Englund

  • status changed from closed to reopened
  • resolution deleted

Current implementation "too secure": does not allow for static html init-page...

Changed 2 months ago by Marc Englund

  • status changed from reopened to closed
  • resolution set to fixed

Improved in [5863]

  • allows for static html init
  • uses JSESSIONID, server decides scope of cookie
  • can be disabled per application:
        <init-param>
          <param-name>disable-xsrf-protection</param-name>
          <param-value>true</param-value>
        </init-param>
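
A sketch of the server-side comparison that a double-submit check keyed on JSESSIONID performs, including the per-application `disable-xsrf-protection` switch. This is an added example, not the code from [5863]; the class, the method names, the way the submitted copy reaches the server and the sample values are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;

public class DoubleSubmitCheck {

    /** Returns the value of one cookie from a raw Cookie request header, or null. */
    static String cookieValue(String cookieHeader, String name) {
        if (cookieHeader == null) return null;
        for (String part : cookieHeader.split(";")) {
            String[] kv = part.trim().split("=", 2);
            if (kv.length == 2 && kv[0].equals(name)) return kv[1];
        }
        return null;
    }

    /**
     * Double-submit check: the value the browser attached as a cookie must equal
     * the copy that the application's own script placed in the request. A page on
     * another origin can cause the cookie to be sent but cannot read it, so it
     * cannot supply the matching copy.
     */
    static boolean isRequestAllowed(Map<String, String> initParams,
                                    String cookieHeader, String submittedToken) {
        // Per-application switch from the ticket; protection stays on unless "true".
        if ("true".equals(initParams.get("disable-xsrf-protection"))) return true;
        String cookie = cookieValue(cookieHeader, "JSESSIONID");
        if (cookie == null || cookie.isEmpty() || submittedToken == null) return false;
        // Compare without leaking the position of the first mismatching byte.
        return MessageDigest.isEqual(cookie.getBytes(StandardCharsets.UTF_8),
                                     submittedToken.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        Map<String, String> enabled = Map.of();
        Map<String, String> disabled = Map.of("disable-xsrf-protection", "true");
        String header = "theme=dark; JSESSIONID=4F2A9C0DE1B7"; // constructed sample
        // Same-origin script echoed the cookie value.
        System.out.println(isRequestAllowed(enabled, header, "4F2A9C0DE1B7"));
        // Cross-site post: the cookie rides along, no copy in the request.
        System.out.println(isRequestAllowed(enabled, header, null));
        // Copy present but not matching the cookie.
        System.out.println(isRequestAllowed(enabled, header, "guess"));
        // Protection switched off for this application: nothing is checked.
        System.out.println(isRequestAllowed(disabled, header, null));
    }
}
```

Echoing JSESSIONID from script means the session cookie cannot be marked HttpOnly; a separate random token cookie gives the same check without exposing the session id to page scripts.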
    

Changed 2 months ago by Marc Englund

  • status changed from closed to reopened
  • resolution deleted

Changed 2 months ago by Marc Englund

Did not work with IE6, at least not the "multiple IE" version. Problems with Liferay as well. Fixed in [5894]

Changed 7 weeks ago by Joonas Lehtinen

  • status changed from reopened to closed
  • resolution set to fixed