tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Trying to find session.org.apache.catalina.filters.CSRF_NONCE
Date Fri, 15 Apr 2011 19:15:32 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mathew,

On 4/14/2011 9:58 AM, Mathew Samuel wrote:
> So I do in fact have a reference to the HttpSession related to the
> currently-running request. However I do a "getAttributeNames()" to it
> but the Enumeration I get back is empty (i.e. non-null but empty so
> that a "hasMoreElements()" call to the HttpSession object says
> "false").
> 
> The "org.apache.catalina.filters.CSRF_NONCE" key should be an
> attribute correct?

Tomcat "hides" certain session attributes from the enumeration returned
by getAttributeNames. It's possible that this is one of them. Can you
try to query it directly?

Check out the code for the filter to see how it's used:
http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_12/java/org/apache/catalina/filters/CsrfPreventionFilter.java

> Although it is quite likely that I'm doing something wrong as I
> wouldn't figure that the Enumeration returned by
> "getAttributeNames()" would be empty although a "getId()" call to the
> HttpSession object is at least returning something so I know there is
> an actual HttpSession object present anyways.

That is definitely good.

> So yeah should "org.apache.catalina.filters.CSRF_NONCE" be listed as
> on of the attributes I would get back if a "getAttributeNames()" call
> had been made to the HttpSession object?

Maybe :)

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk2omVQACgkQ9CaO5/Lv0PBfeACgvIuY+KtmyJoBAwfh6knsmIyM
CZMAn2ZD5OSJp+fWTjEyonAbK3rclxBH
=bf/N
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message