tomcat-dev mailing list archives

From bugzi...@apache.org
Subject [Bug 55526] New: Overly eager CSRF protection in manager app
Date Thu, 05 Sep 2013 08:48:23 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=55526

            Bug ID: 55526
           Summary: Overly eager CSRF protection in manager app
           Product: Tomcat 7
           Version: 7.0.28
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Manager
          Assignee: dev@tomcat.apache.org
          Reporter: fh+apache@hars.de

Using browser tabs or the back button in the manager app will occasionally
result in incorrect forbidden errors.

Steps to reproduce:

1. Open the Session list for a webapp
2. Click on a session id
3. Click the back-button
4. Click on a session id
5. Click the back-button
6. Click on a session id
7. Click the back-button

Expected result: The browser displays the session list
Observed result: 403 Forbidden.

-- 
You are receiving this mail because:
You are the assignee for the bug.
