[Owasp-csrfguard] Newbie question

Arian armyofda12mnkeys at gmail.com
Thu May 2 13:25:22 UTC 2013


just some quick suggestions...

Is your token on your Compose page?
Can you look at the source and see it at the bottom of the form?
(if using their Javascript way to inject the token, then need to look at
DOM via Firebug or something or can just View Source if using their
server-side tag library to inject it).

if it is there, you can compare what is on the form vs what token is on
that server after you land on the Compose page (can create a 3rd
jsp/Servlet that outputs session vars [or you can set a breakpoint in that
3rd page, and see what the session holds after you land on Compose]).

-Arian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-csrfguard/attachments/20130502/7309fbc3/attachment.html>


More information about the Owasp-csrfguard mailing list