Changes between Version 1 and Version 2 of Ticket #24280, comment 7


Ignore:
Timestamp:
Mar 23, 2015, 5:31:07 PM (9 years ago)
Author:
Yeago

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #24280, comment 7

    v1 v2  
    11I was able to verify that the csrftoken in the form and the csrf cookie are both present and match before failure.
    22
    3 I was also able to take over a user's session normally by taking their cookie value and replacing my own locally with it. While their environment still failed, mine was able to use the site normally. (while they can maintain their session while the problem is happening, they can't submit csrf forms).
     3I was also able to take over a user's session normally by taking their cookie value and replacing my own locally with it. While their actions still failed, mine was able to use the site normally. (while they can maintain their session while the problem is happening, they can't submit csrf forms).
Back to Top