Changes between Version 2 and Version 3 of Ticket #24280, comment 7
- Timestamp:
- Mar 23, 2015, 5:31:43 PM (10 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #24280, comment 7
v2 v3 1 1 I was able to verify that the csrftoken in the form and the csrf cookie are both present and match before failure. 2 2 3 I was also able to take over a user's session normally by taking their cookie value and replacing my own locally with it. While their actions still failed, mine was able to use the site normally. (while they can maintain their session while the problem is happening, they can't submit csrf forms).3 I was also able to take over a user's session normally by taking their cookie value and replacing my own locally with it. While their session actions still failed, my session was able to use the site normally (submitting forms, etc).