Ruby on Rails Sunday, June 30, 2013

In some situations a new session was created because the user was logging in/out. Could I copy the old CSRF-token into the new session, or would there be any security leak?


In other cases the user was not logging in/out and didn't get a new session. Maybe the page was cached in the browser, so I added in my layout <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE"> now.

To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/9aa259c5-bcb4-4ca7-88d3-5ed7623674df%40googlegroups.com.
