tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <>
Subject Re: Tomcat CsrfPreventionFilter - LRU Cache
Date Fri, 23 Dec 2011 20:30:44 GMT
On 23/12/2011 19:45, Ganesh Dhakshinamurthy wrote:
>> Hi
>> I recently came across an issue reported regarding the LRU
>> cache implementation in CsrfPreventionFilter. It was reported that FIFO was
>> implemented instead of LRU. We are facing an issue in our application due
>> this, [Nonce tokens getting rejected]. I searched in the bugs database to
>> check if this was reported, but couldn't find any. Can somebody please let
>> me know if this is a known issue and something is on the works to fix it?

The last time it came up, no conclusion was reached as to which is the
best approach: LRU or FIFO. There are arguments for both which probably
means it really needs to be configurable.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message