tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ganesh Dhakshinamurthy <ganesh.dha...@gmail.com>
Subject Re: Tomcat CsrfPreventionFilter - LRU Cache
Date Fri, 23 Dec 2011 21:21:24 GMT
Hello Mark
Thanks for the info.

- Ganesh

On Fri, Dec 23, 2011 at 3:30 PM, Mark Thomas <markt@apache.org> wrote:

> On 23/12/2011 19:45, Ganesh Dhakshinamurthy wrote:
> >>
> >> Hi
> >> I recently came across an issue reported regarding the LRU
> >> cache implementation in CsrfPreventionFilter. It was reported that FIFO
> was
> >> implemented instead of LRU. We are facing an issue in our application
> due
> >> this, [Nonce tokens getting rejected]. I searched in the bugs database
> to
> >> check if this was reported, but couldn't find any. Can somebody please
> let
> >> me know if this is a known issue and something is on the works to fix
> it?
>
> The last time it came up, no conclusion was reached as to which is the
> best approach: LRU or FIFO. There are arguments for both which probably
> means it really needs to be configurable.
>
> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message