[
https://issues.apache.org/jira/browse/WOOKIE-222?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13058508#comment-13058508
]
Paul Sharples commented on WOOKIE-222:
--------------------------------------
I can confirm that adding the following to the web.xml file stops the error
appearing in tomcat 7...
<init-param>
<param-name>crossDomainSessionSecurity</param-name>
<param-value>false</param-value>
</init-param>
The warning is that it may open CSRF attacks, according to the above link.
Should we just add a note to the Known issues of RELEASE_NOTES? (as we are
hoping to replace dwr very soon anyway?)
> "Session Error" dialog for each widget appears in tomcat 7 (using the WAR
> build)
> --------------------------------------------------------------------------------
>
> Key: WOOKIE-222
> URL: https://issues.apache.org/jira/browse/WOOKIE-222
> Project: Wookie
> Issue Type: Bug
> Components: Server
> Affects Versions: 0.9.0
> Environment: Winows 7 sp1 64 all browsers, tomcat 7.0.16
> Reporter: Paul Sharples
> Fix For: 0.9.0
>
>
> Opening a widget in the gallery - causes a "Session Error" browser dialog to
> be displayed for each widget on the page during loading, repeated after a
> page refresh (as reported by Ate in WOOKIE-181). Seems there is a problem in
> the engine.js section of dwr. Doesn't appear to happen in tomcat 6*.
> Moving this as a top level issue as it was a little hidden.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
