On Fri, Nov 4, 2011 at 20:23, Mark Thomas <ma...@apache.org> wrote: [...] > > I think the thing to do here is to work out what the 'best' solution is > and fix the docs/code accordingly. I think LRU is the way to go in which > case the current code needs fixing. >
I see more arguments for the LRU case: when a CSRF attack appears for whatever app is out there, for whatever defintion of "appears", it is more likely that the same attack pattern will appear even on unaffected sites. -- Francis Galiegue ONE2TEAM Ingénieur système Mob : +33 (0) 683 877 875 Tel : +33 (0) 178 945 552 f...@one2team.com 40 avenue Raymond Poincaré 75116 Paris --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
