GWT 2.3 XSRF Invalid RPC token (Session cookie is not set or empty! Unable to generate XSRF cookie)


Алексей Заряев

Aug 15, 2011, 4:48:40 AM
to Google Web Toolkit
I am trying to implement XSRF in a GWT project, but I get an error:

[WARN] Exception while dispatching incoming RPC call
com.google.gwt.user.server.rpc.UnexpectedException: Service method 'public abstract com.google.gwt.user.client.rpc.XsrfToken com.google.gwt.user.client.rpc.XsrfTokenService.getNewXsrfToken()' threw an unexpected exception: com.google.gwt.user.client.rpc.RpcTokenException: Invalid RPC token (Session cookie is not set or empty! Unable to generate XSRF cookie)
at com.google.gwt.user.server.rpc.RPC.encodeResponseForFailure(RPC.java:385)

[ERROR] 500 - POST /gorod/xsrf (127.0.0.1) 57 bytes
Request headers
Host: 127.0.0.1:8888
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: ru-ru,ru;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cache-Control: no-cache
Referer: http://127.0.0.1:8888/Gorod.html?gwt.codesvr=127.0.0.1:9997
X-GWT-Permutation: HostedMode
X-GWT-Module-Base: http://127.0.0.1:8888/gorod/
Content-Type: text/x-gwt-rpc; charset=utf-8
Content-Length: 142
Pragma: no-cache
Response headers
Content-Type: text/plain

I have gwt-dev.jar in my WEB-INF/lib and on the classpath.

Chak Lai

Aug 15, 2011, 9:38:07 AM
to google-we...@googlegroups.com
You just need to set the cookie before you start XSRF.

For example:


import com.google.gwt.user.client.Cookies;

// ...

// The cookie name must match the value defined by gwt.xsrf.session_cookie_name in your web.xml.
// The value can be anything you want.
Cookies.setCookie(name, value);

Алексей Заряев

Aug 15, 2011, 10:07:39 PM
to google-we...@googlegroups.com
Thanks for the advice, Chak.
I have added setCookie, but now I get another error:

 [WARN] gorodServlet: An RpcTokenException was thrown while processing this call.
com.google.gwt.user.client.rpc.RpcTokenException: Invalid RPC token (XSRF token missing)
at com.google.gwt.user.server.rpc.XsrfProtectedServiceServlet.validateXsrfToken(XsrfProtectedServiceServlet.java:104)

Ali Jalal

Sep 3, 2011, 10:44:10 AM
to google-we...@googlegroups.com
Hi,

I see this error sometimes (not always), so to solve this problem I first send an RPC and fix the JSESSIONID cookie on the server side by setting it to getThreadLocalRequest().getRequestedSessionId(). That way I'm sure that the JSESSIONID cookie exists. Then I call XSRF to generate the XSRF token, and it works.

Note that JSESSIONID should not be changed (the session on the server side should not be invalidated). If JSESSIONID is changed (by calling the httpSession.invalidate() method), you should generate a new XSRF token and set it on all XSRF-protected service async objects.



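The client-side sequence the thread arrives at (session cookie first, then a token from the XSRF service, then that token set on every protected proxy) can be written as one helper. This is an added example, not code from any poster or from the GWT project; `XsrfClient`, `GorodService`, its `ping()` method and the `"data"` path are hypothetical, while the `"xsrf"` entry point is taken from the `POST /gorod/xsrf` line in the first post.

```java
import com.google.gwt.core.client.GWT;
import com.google.gwt.user.client.rpc.AsyncCallback;
import com.google.gwt.user.client.rpc.HasRpcToken;
import com.google.gwt.user.client.rpc.RemoteServiceRelativePath;
import com.google.gwt.user.client.rpc.ServiceDefTarget;
import com.google.gwt.user.client.rpc.XsrfProtectedService;
import com.google.gwt.user.client.rpc.XsrfToken;
import com.google.gwt.user.client.rpc.XsrfTokenService;
import com.google.gwt.user.client.rpc.XsrfTokenServiceAsync;

public class XsrfClient {
  // Hypothetical protected service (name, path and method are assumptions).
  // Its servlet would extend XsrfProtectedServiceServlet.
  @RemoteServiceRelativePath("data")
  public interface GorodService extends XsrfProtectedService {
    String ping();
  }
  public interface GorodServiceAsync {
    void ping(AsyncCallback<String> callback);
  }

  public static final GorodServiceAsync GOROD = GWT.create(GorodService.class);

  /**
   * Requests a token and attaches it to every protected proxy before running
   * the caller's RPC. Call again after the session cookie changes.
   */
  public static void withFreshToken(final Runnable rpc, final HasRpcToken... proxies) {
    XsrfTokenServiceAsync xsrf = GWT.create(XsrfTokenService.class);
    // Matches the POST /gorod/xsrf request in the thread's log.
    ((ServiceDefTarget) xsrf).setServiceEntryPoint(GWT.getModuleBaseURL() + "xsrf");
    xsrf.getNewXsrfToken(new AsyncCallback<XsrfToken>() {
      @Override public void onSuccess(XsrfToken token) {
        for (HasRpcToken proxy : proxies) {
          proxy.setRpcToken(token); // a proxy without a token is rejected server-side
        }
        rpc.run();
      }
      @Override public void onFailure(Throwable caught) {
        // The missing-session-cookie case reaches the client as a failed request.
        GWT.log("XSRF token request failed; is the session cookie set?", caught);
      }
    });
  }
}
```

A caller passes each generated proxy cast to `HasRpcToken`, for example `XsrfClient.withFreshToken(call, (HasRpcToken) XsrfClient.GOROD)`, where `call` is a `Runnable` that invokes `GOROD.ping(...)`.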
