Amaltas, I don't know what I was talking about, Jetty does implement CSRF protection, and it is in fact enabled by default!
See comments I updated on the issue: https://bugs.eclipse.org/bugs/show_bug.cgi?id=370385

Jan

On 2 February 2012 12:47, Jan Bartel <[email protected]> wrote:
> Amaltas,
>
> See https://bugs.eclipse.org/bugs/show_bug.cgi?id=370385.
>
> In the meanwhile, you can disable putting session ids in links by
> calling SessionManager.setSessionIdPathParameterName(null);
>
> Or alternatively, invalidate and recreate a new session, copying
> across attributes in a filter/servlet/jsp etc.
>
> regards
> Jan
>
> On 2 February 2012 10:17, Amaltas <[email protected]> wrote:
>>
>>
>> _______________________________________________
>> jetty-users mailing list
>> [email protected]
>> https://dev.eclipse.org/mailman/listinfo/jetty-users
>>
_______________________________________________
jetty-users mailing list
[email protected]
https://dev.eclipse.org/mailman/listinfo/jetty-users
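
The second workaround in the quoted message (invalidate the session and create a new one, copying attributes across), sketched as an added example; it is not code from this thread or from the Jetty project. The class and method names are hypothetical, and it assumes the `javax.servlet` 3.0 API, where `getAttributeNames()` returns `Enumeration<String>`.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Hypothetical helper: replaces the current session with a fresh one. */
public final class SessionRegenerator {

    private SessionRegenerator() {}

    /**
     * Invalidates the request's current session (if any) and returns a new
     * session carrying the same attributes. Call this from a filter, servlet
     * or JSP before the response is committed, so the container can still
     * send the new session cookie.
     */
    public static HttpSession regenerate(HttpServletRequest request) {
        Map<String, Object> saved = new HashMap<>();

        // getSession(false) avoids creating a session just to throw it away.
        HttpSession old = request.getSession(false);
        if (old != null) {
            // Snapshot the names first: attributes cannot be read once the
            // session has been invalidated.
            for (String name : Collections.list(old.getAttributeNames())) {
                saved.put(name, old.getAttribute(name));
            }
            // After this call the old session id no longer maps to a session.
            old.invalidate();
        }

        // The container allocates a new session with a new id.
        HttpSession fresh = request.getSession(true);
        for (Map.Entry<String, Object> entry : saved.entrySet()) {
            fresh.setAttribute(entry.getKey(), entry.getValue());
        }
        return fresh;
    }
}
```

Attributes that implement `HttpSessionBindingListener` receive unbound and bound callbacks during the copy, so listeners with side effects should tolerate being moved between sessions.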
