Changes between Initial Version and Version 1 of Ticket #24280, comment 7


Timestamp: Mar 23, 2015, 5:22:57 PM (9 years ago)
Author: Yeago

  • Ticket #24280, comment 7

    initial v1  
    11I was able to verify that the csrftoken in the form and the csrf cookie are both present and match before failure.
    22
    3 I had the user delete the csrf cookie and retry and it issued a new one which failed.
    4 
    53I was also able to take over a user's session normally by taking their cookie value and replacing my own locally with it. While their environment still failed, mine was able to use the site normally. (while they can maintain their session while the problem is happening, they can't submit csrf forms).