[Owasp-csrfguard] The meaning of NewTokenLandingPage

Patrick Radtke pradtke at stanford.edu
Thu Jul 14 13:27:54 EDT 2011

On 7/14/11 3:44 AM, Anders Båtstrand wrote:
> Hi
> I am trying to use CSRFGuard in an application, but I am having some 
> troubles. First, let me start with a question about NewTokenLandingPage.
> If I read the source code correct, the NewTokenLandingPage is written 
> to the response if session.isNew(), even if you visit an unprotected 
> page.
I thought the CsrfGuardFilter would only get invoked if the page matched 
the URLs you defined as protected in the web.xml


> I do not see the purpose of this, as the page does not require a 
> token. Is there someone that would like to elaborate on the meaning of 
> the NewTokenLandingPage?
I have never used it.
> PS: Is there any plans for migrating the project to Maven, and using 
> automatic testing? I would be very happy to help in that matter.
I would also be happy to help with such an effort.


More information about the Owasp-csrfguard mailing list