[Owasp-csrfguard] Newbie question
armyofda12mnkeys at gmail.com
Thu May 2 13:25:22 UTC 2013
just some quick suggestions...
Is your token on your Compose page?
Can you look at the source and see it at the bottom of the form?
DOM via Firebug or something or can just View Source if using their
server-side tag library to inject it).
if it is there, you can compare what is on the form vs what token is on
that server after you land on the Compose page (can create a 3rd
jsp/Servlet that outputs session vars [or you can set a breakpoint in that
3rd page, and see what the session holds after you land on Compose]).
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-csrfguard