XSRF Initial Token Generation
61 views
Skip to first unread message
batosai
Jul 15, 2011, 8:02:20 PM7/15/11
to Google Web Toolkit
Hi ,
I am trying to add XSRF protection to my app using the newly
introduced method in 2.3 http://code.google.com/webtoolkit/doc/latest/DevGuideSecurityRpcXsrf.html
, but I was wondering when and where is the value of the cookie (not
the token) gets generated or set. I know that the token is generated
by the XsrfTokenServiceServlet using the cookie value of the cookie
name you use ( JSESSIONID for example ) but where/when is the cookie
value set.
If somebody can explain the interaction sequence between the server
and client , that would be much appreciated.
I am trying to add XSRF protection to my app using the newly
introduced method in 2.3 http://code.google.com/webtoolkit/doc/latest/DevGuideSecurityRpcXsrf.html
, but I was wondering when and where is the value of the cookie (not
the token) gets generated or set. I know that the token is generated
by the XsrfTokenServiceServlet using the cookie value of the cookie
name you use ( JSESSIONID for example ) but where/when is the cookie
value set.
If somebody can explain the interaction sequence between the server
and client , that would be much appreciated.
Chak Lai
Jul 18, 2011, 12:45:37 PM7/18/11
to google-we...@googlegroups.com
You may just set the cookie using the methods in com.google.gwt.user.client.Cookies
For example:
public void onModuleLoad()
{
Cookies.setCookie("JSESSIONID", "Any value you like for the XSRF Token creation");
}
Reply all
Reply to author
Forward
0 new messages