CRSF token and Session replication with Tomcat and Apache

Posted by technocool on Stack Overflow See other posts from Stack Overflow or by technocool
Published on 2010-03-18T08:51:02Z Indexed on 2010/03/22 14:11 UTC
Read the original article Hit count: 283

Filed under:
|
|

I have an J2EE compliant web application. I use a session based token to append a secondary id to all incoming link generated by my application. To prevent my application against CSRF attack, I validate the secondary id before I allow the user session to work off the subsequent page.

Recently, while working with session replication mechanism implementation, I observed that on session failover, the generated secodary id is lost and the user get re directed to the login page/default page.

Any suggestions on how I can ensure that the my generated secondary token id is not lost from the replicated session?

© Stack Overflow or respective owner

Related posts about tomcat

Related posts about apache