[Owasp-csrfguard] Token landing page issue when accessing application URL

Amol Walunjkar amolsw at gmail.com
Wed Jul 25 19:12:38 UTC 2012


Hi,

We have one requirement in our application. In this, the user of our
application will receive an email which contains a hyperlink using which he
can directly go to one of the functionality of the application.
We have utilized OSWAP framework for providing security against CSRF.
In the properties file we have set the "NewTokenLandingPage" property to
home page our application.
Now the problem is that, when user launch the hyperlink from the email he
received to access specific functionality he is always taken to the home
page instead of the directed URL in the email.
In the documentation it is said that all query-string form parameters sent
with the original request will be discarded. But then, if we have to
implement such behavior in application which is the solution for this.

Does the current OSWAP framework for CSRF support such custom requirement ?

Please advice

Thanks in advance

-- 
Regards,
Amol
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-csrfguard/attachments/20120725/055d8f09/attachment.html>


More information about the Owasp-csrfguard mailing list