Uploaded image for project: 'MyFaces Tobago'
  1. MyFaces Tobago
  2. TOBAGO-1318

Meaning of TobagoConfig.isCheckSessionSecret() and isCreateSessionSecret() is inverted

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 1.0.40, 1.5.10, 2.0.0-alpha-2
    • 1.5.11, 2.0.0-alpha-3, 1.0.41
    • None
    • None

    Description

      Both values are true by default and both value are the same for most applications, so the problem shoudn't be so large.
      Correct is:

      • create() will be called, if isCreate is set
      • encode() will be called, if isCheck is set
      • check() will be called, if isCheck is set

      Attachments

        Issue Links

          is related to

          New Feature - A new feature of the product, which has yet to be developed. TOBAGO-972 Implement a session secret to protect against cross-side request forgery (CSRF/XSRF)

          • Major - Major loss of function.
          • Closed

          Activity

            People

              lofwyr Udo Schnurpfeil
              lofwyr Udo Schnurpfeil
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: