Changes between Version 2 and Version 3 of Ticket #24280, comment 7


Timestamp: 03/23/2015 05:31:43 PM (6 years ago)
Author: Yeago

  • Ticket #24280, comment 7

    v2 v3  
    11I was able to verify that the csrftoken in the form and the csrf cookie are both present and match before failure.
    22
    3 I was also able to take over a user's session normally by taking their cookie value and replacing my own locally with it. While their actions still failed, mine was able to use the site normally. (while they can maintain their session while the problem is happening, they can't submit csrf forms).
     3I was also able to take over a user's session normally by taking their cookie value and replacing my own locally with it. While their session actions still failed, my session was able to use the site normally (submitting forms, etc).