Return-Path: X-Original-To: apmail-tomcat-users-archive@www.apache.org Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id A3C8F9B82 for ; Mon, 5 Nov 2012 09:08:57 +0000 (UTC) Received: (qmail 72565 invoked by uid 500); 5 Nov 2012 09:08:54 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 72359 invoked by uid 500); 5 Nov 2012 09:08:54 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 72337 invoked by uid 99); 5 Nov 2012 09:08:53 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 05 Nov 2012 09:08:53 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=RCVD_IN_DNSWL_NONE,SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of Wilfred.Duizers@indicia.nl designates 212.83.193.25 as permitted sender) Received: from [212.83.193.25] (HELO smx5.interconnect.nl) (212.83.193.25) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 05 Nov 2012 09:08:45 +0000 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: Av8EADGBl1DVz1lC/2dsb2JhbABEw0KBCIIeAQEBAwE6FAUrCwIBCA0VFBAxASUBAQQIBwQBBxMCBIdjCrk/BIwBGoVBYQObUzWKN4JvgWQ1 Received: from unknown (HELO INDVSKW03.nl.indicia.org) ([213.207.89.66]) by smtp.interconnect.nl with ESMTP/TLS/AES128-SHA; 05 Nov 2012 10:08:19 +0100 Received: from INDVSKW03.nl.indicia.org ([10.11.0.4]) by INDVSKW03.nl.indicia.org ([10.11.0.4]) with mapi id 14.01.0379.000; Mon, 5 Nov 2012 10:08:25 +0100 From: Wilfred Duizers To: Tomcat Users List Subject: RE: CSRF on multiple tomcat instances Thread-Topic: CSRF on multiple tomcat instances Thread-Index: Ac25BKkXtPfrcey5QNajN3pEmnIQoACIsUSAAAKQKg4= Date: Mon, 5 Nov 2012 09:08:24 +0000 Message-ID: <7A9E9FD1C35D3F4CAEF6572920890BED4B5A39FF@INDVSKW03.nl.indicia.org> References: <7A9E9FD1C35D3F4CAEF6572920890BED4B5A2970@INDVSKW03.nl.indicia.org>,<-2827930166699122238@unknownmsgid> In-Reply-To: <-2827930166699122238@unknownmsgid> Accept-Language: nl-NL, en-US Content-Language: nl-NL X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [62.177.233.145] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Virus-Checked: Checked by ClamAV on apache.org yes it would :P Do you see a solution anyway....both tomcat instances use the same domain h= ttps://www.example.com They use isapi ________________________________________ Van: Pid * [pid@pidster.com] Verzonden: maandag 5 november 2012 9:30 Aan: Tomcat Users List Onderwerp: Re: CSRF on multiple tomcat instances On 2 Nov 2012, at 14:23, Wilfred Duizers wrote= : > Hello, > > I am running 2 Tomcat instances on 1 server. So far nothing special :-) > Both: > Apache Tomcat/7.0.25 > JVM 1.6.0_20-b02 > > When a user clicks a link in the webapplication running on Tomcat instanc= e 1 (portal) an application running on Tomcat instance 2 is opened. Is it p= ossible to send the nonce with the link? Because it's running another insta= nce... Would defeat the point if you sent all of the info in the same request, no? p > > Kind regards, > Wilfred --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org= --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org