Recently I discovered that the FasterFox extension, available from Mozilla, breaks
WebWork's token mechanism.
It appears that FasterFox caused the lines
    public static String setToken(String tokenName, HttpServletRequest request) {
        HttpSession session = request.getSession(true);
        String token = GUID.generateGUID();
        session.setAttribute(tokenName, token);
        return token;
    }
in TokenHelper to be executed twice. This makes the token saved in the
session differ from the one rendered in the page. As a result,
invalid.token is always returned, which prevents the user from using forms.
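
The failure described above can be reproduced without a servlet container. The following is an added example, not WebWork's code: the session is a plain Map, java.util.UUID stands in for GUID.generateGUID(), and validToken, addToken, consumeToken and the token names are hypothetical. It shows the first-rendered token being rejected after a duplicate call to setToken, next to one possible alternative that keeps every issued token until it is used once.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.UUID;

public class TokenRaceDemo {
    // Stand-in for HttpSession attributes (constructed for this demo).
    static Map<String, Object> session = new HashMap<>();

    // Same logic as the setToken shown above; UUID replaces WebWork's GUID helper.
    static String setToken(String tokenName) {
        String token = UUID.randomUUID().toString();
        session.put(tokenName, token);   // single slot: overwrites any earlier token
        return token;
    }

    // Hypothetical single-slot check: compare, then consume the stored token.
    static boolean validToken(String tokenName, String submitted) {
        Object stored = session.remove(tokenName);
        return submitted != null && submitted.equals(stored);
    }

    // Hypothetical alternative: keep every issued token until it is used once.
    @SuppressWarnings("unchecked")
    static String addToken(String tokenName) {
        Set<String> issued = (Set<String>) session.computeIfAbsent(tokenName, k -> new HashSet<String>());
        String token = UUID.randomUUID().toString();
        issued.add(token);
        return token;
    }

    @SuppressWarnings("unchecked")
    static boolean consumeToken(String tokenName, String submitted) {
        Set<String> issued = (Set<String>) session.get(tokenName);
        return issued != null && issued.remove(submitted);   // one-time use
    }

    public static void main(String[] args) {
        String inPage = setToken("form.token");      // render the user actually sees
        setToken("form.token");                      // duplicate request for the same page
        System.out.println("single slot: " + validToken("form.token", inPage));
        String shown = addToken("form.tokens");
        addToken("form.tokens");                     // duplicate request again
        System.out.println("token set:   " + consumeToken("form.tokens", shown));
        System.out.println("replay:      " + consumeToken("form.tokens", shown));
    }
}
```

The set-based variant still rejects a replayed token, so it keeps the one-time-use property while tolerating a second render of the same form.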