https://issues.apache.org/bugzilla/show_bug.cgi?id=55526
Bug ID: 55526
Summary: Overly eager CSRF protection in manager app
Product: Tomcat 7
Version: 7.0.28
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Manager
Assignee: dev@tomcat.apache.org
Reporter: fh+apa...@hars.de

Using browser tabs or the back button in the manager app will occasionally result in incorrect forbidden errors.

Steps to reproduce:
1. Open the Session list for a webapp
2. Click on a session id
3. Click the back-button
4. Click on a session id
5. Click the back-button
6. Click on a session id
7. Click the back-button

Expected result: The browser displays the session list
Observed result: 403 Forbidden.