[
https://jira.codehaus.org/browse/CONTINUUM-2665?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=365634#comment-365634
]
Brent N Atkinson commented on CONTINUUM-2665:
---------------------------------------------
I have a fix for the behavior reported, but the actual issue's scope is larger.
This behavior will occur for all pages that overload a single token with
different form parameters and use {{TokenSessionStoreInterceptor}}. The reason
is that once a request is submitted and a result is rendered and stored in the
user's session for the token, any request using the same token will yield the
original result. This, in combination with the fact that history.back() is
consistently used throughout the application, increases the likelihood that
users will encounter the scenario: since the browser is not issuing new
requests, new tokens are not generated after canceling.
To solve this problem, we could:
1.) Generate unique tokens for every unique request
This has the advantage that it will work as a user expects regardless of
whether they click cancel or hit the browser's back button. The disadvantage is
that the number of tokens generated for a page will be proportional to the
number of requests requiring CSRF protection. Also, since the request results
are possibly stored, the amount of information stored in the session could be
considerable.
2.) Change the cancel buttons so they force a page request rather than using
browser history
This has the advantage of not requiring more than a single token in the user's
session for a given request. The disadvantage is that users will still
experience the issue when using the browser's back button, since it will use
cached tokens as with history.back().
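The following is an added example, not Continuum or Struts2 code: a small Python model of the behaviour the comment describes. It mimics a token-session-store interceptor that caches the rendered result per token and replays it on any later submission with the same token, reproduces the shared-token scenario from the issue, and then shows both proposed fixes (a unique token per request, and forcing a page reload on cancel) along with the session-growth cost of the first one. The helper names (`Session`, `issue_token`, `handle_request`) and the constructed descriptions are assumptions for the model.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    """Per-user session as the interceptor sees it (constructed model)."""
    tokens: set = field(default_factory=set)   # tokens rendered into pages
    results: dict = field(default_factory=dict)  # token -> cached rendered result


def issue_token(session: Session) -> str:
    """Generate a fresh CSRF token and remember it in the session."""
    token = secrets.token_hex(8)
    session.tokens.add(token)
    return token


def handle_request(session: Session, token: str, action) -> str:
    """Model of a token-session-store interceptor.

    The first valid submission for a token runs the action and stores the
    rendered result under that token. Any later submission carrying the same
    token is treated as a duplicate and gets the stored result back without
    running the action again, which is exactly the behaviour that makes two
    different form submissions sharing one token return the first result.
    """
    if token not in session.tokens:
        return "invalid.token"
    if token in session.results:
        return session.results[token]
    result = action()
    session.results[token] = result
    return result


def delete_confirmation(description: str) -> str:
    """Rendered confirmation page for a delete request (constructed text)."""
    return f'Are you sure you want to delete Purge Configuration "{description}" ?'


def reproduce_shared_token():
    """Both delete buttons on one page carry the same token; cancel uses
    history.back(), so no new page request and no new token is issued."""
    session = Session()
    token = issue_token(session)
    first = handle_request(session, token, lambda: delete_confirmation("purge 1"))
    # user clicks cancel -> history.back() -> same page, same token, new form
    second = handle_request(session, token, lambda: delete_confirmation("purge 2"))
    return first, second, len(session.results)


def fix_unique_token_per_request():
    """Option 1: every request needing CSRF protection gets its own token.
    Correct regardless of cancel or back button, at the cost of one cached
    result per token in the session."""
    session = Session()
    token_1 = issue_token(session)
    token_2 = issue_token(session)
    first = handle_request(session, token_1, lambda: delete_confirmation("purge 1"))
    second = handle_request(session, token_2, lambda: delete_confirmation("purge 2"))
    return first, second, len(session.results)


def fix_reload_on_cancel(use_back_button: bool):
    """Option 2: cancel triggers a real page request, which renders a new
    token. The browser back button still replays the cached page with the
    old token, so the original behaviour persists on that path."""
    session = Session()
    token = issue_token(session)
    first = handle_request(session, token, lambda: delete_confirmation("purge 1"))
    if use_back_button:
        next_token = token              # cached page, stale token
    else:
        next_token = issue_token(session)  # fresh page request, fresh token
    second = handle_request(session, next_token, lambda: delete_confirmation("purge 2"))
    return first, second


if __name__ == "__main__":
    print(reproduce_shared_token())
    print(fix_unique_token_per_request())
    print(fix_reload_on_cancel(use_back_button=False))
    print(fix_reload_on_cancel(use_back_button=True))
```

Running the module prints the reproduced bug (the second confirmation still names purge 1), the corrected output under option 1 together with the session entry count that grows per request, and option 2 behaving correctly on cancel but not on the back button.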
> Incorrect purge description is displayed in delete confirmation.
> ----------------------------------------------------------------
>
> Key: CONTINUUM-2665
> URL: https://jira.codehaus.org/browse/CONTINUUM-2665
> Project: Continuum
> Issue Type: Bug
> Components: Web - UI
> Affects Versions: 1.4.1
> Reporter: Greg Michael Meneses
> Assignee: Brent N Atkinson
> Priority: Minor
> Labels: triaged
>
> To replicate:
> 1) Create 2 purge configurations with distinct descriptions.
> 2) Click delete button for purge 1
> Are you sure you want to delete Purge Configuration "<purge 1 description>" ?
> 3) Click cancel
> 4) Click delete button for purge 2
> Error: Are you sure you want to delete Purge Configuration "<purge 1
> description>" ? is displayed
> Expected Result: Are you sure you want to delete Purge Configuration "<purge
> 2 description>" ? is displayed
--
This message was sent by Atlassian JIRA
(v6.1.6#6162)