CRSF token and Session replication with Tomcat and Apache
Posted
by technocool
on Stack Overflow
See other posts from Stack Overflow
or by technocool
Published on 2010-03-18T08:51:02Z
Indexed on
2010/03/22
14:11 UTC
Read the original article
Hit count: 283
I have an J2EE compliant web application. I use a session based token to append a secondary id to all incoming link generated by my application. To prevent my application against CSRF attack, I validate the secondary id before I allow the user session to work off the subsequent page.
Recently, while working with session replication mechanism implementation, I observed that on session failover, the generated secodary id is lost and the user get re directed to the login page/default page.
Any suggestions on how I can ensure that the my generated secondary token id is not lost from the replicated session?
© Stack Overflow or respective owner