[ https://issues.apache.org/jira/browse/GERONIMO-3781?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12565910#action_12565910 ]
Joseph Leong commented on GERONIMO-3781:
----------------------------------------
Update:
Been spending a great deal of time on this, have found a funny scenario that
fixes this issue with expiring a cookie and some delays, but not satisfied
with that hack. Going to put more work into it until I iron this out solid.
Any thoughts would be appreciated. The specific issue is at:
private void checkNotCsrfAttack(HttpServletRequest request, String sessionCookieName)
located at
http://fisheye5.cenqua.com/browse/~raw,r=1.7/dwr/java/org/directwebremoting/dwrp/Batch.java
It is throwing a session error because nothing will return true.
Due to GERONIMO-3746 being resolved, this JIRA will remain active to update the
CSRF issue.
Thanks!
> Plugin Installer, CRSF issue when attempting to install a new plugin
> --------------------------------------------------------------------
>
> Key: GERONIMO-3781
> URL: https://issues.apache.org/jira/browse/GERONIMO-3781
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: console
> Affects Versions: 2.1, 2.1.1
> Environment: Ubuntu 7.10, Firefox 2.0.0.6
> Reporter: Joseph Leong
> Assignee: Joseph Leong
> Fix For: 2.1.1
>
>
> Plugin installer will not allow for you to install any more plugins on a
> second attempt given that it threw an exception the first time. This is
> attributed to the exception thrown that doesn't properly exit and close off
> current sessions. So in the second attempt there is a cookie/session
> mismatch.
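Added example, not part of the JIRA comment and not DWR or Geronimo code: a simplified model of a double-submit session check of the kind the comment refers to, showing how a session cookie and the ID sent in the request body can fall out of sync so that no comparison succeeds. The Console class, the JSESSIONID cookie name, the rule that the check is skipped when the cookie names no live session, and the scenario itself are assumptions constructed for illustration.

```python
import hmac
import secrets

class SessionError(Exception):
    """Models the 'session error' raised when the check finds no match."""

class Console:
    """Hypothetical server: tracks live session IDs and checks each call."""
    COOKIE = "JSESSIONID"  # assumed session cookie name

    def __init__(self):
        self.live = set()

    def new_session(self):
        sid = secrets.token_hex(16)
        self.live.add(sid)
        return sid

    def check_not_csrf(self, cookies, body_sid):
        cookie_sid = cookies.get(self.COOKIE, "")
        if cookie_sid not in self.live:
            return "skipped"      # assumed: no live cookie session, nothing to check
        if hmac.compare_digest(cookie_sid, body_sid or ""):
            return "ok"           # caller could read the cookie, so it is same-origin
        raise SessionError("body session id does not match session cookie")

def attempt(console, cookies, body_sid):
    try:
        return console.check_not_csrf(cookies, body_sid)
    except SessionError:
        return "session error"

def replay_scenario():
    console = Console()
    first = console.new_session()
    page_copy = first             # ID the page script sends in the request body
    results = [attempt(console, {Console.COOKIE: first}, page_copy)]
    # Constructed failure: the cookie now names a different live session,
    # but the page still holds the ID it captured earlier.
    second = console.new_session()
    results.append(attempt(console, {Console.COOKIE: second}, page_copy))
    # Re-reading the cookie before the call brings the two back in sync.
    page_copy = second
    results.append(attempt(console, {Console.COOKIE: second}, page_copy))
    # A cross-site page cannot read the cookie, so it has no body value to send.
    results.append(attempt(console, {Console.COOKIE: second}, None))
    return results

if __name__ == "__main__":
    print(replay_scenario())
```

The second result is the failure mode: the request is legitimate, but the stale body value makes it indistinguishable from a forged one, so a fix has to resynchronise the two values rather than relax the comparison.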