Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Session timeout CSRF problem #323

Closed
webbird opened this issue Sep 8, 2015 · 0 comments
Closed

Session timeout CSRF problem #323

webbird opened this issue Sep 8, 2015 · 0 comments
Assignees
@webbird
Labels
bug security
Milestone
vLater

Comments

@webbird
Copy link
Contributor

webbird commented Sep 8, 2015

See also: #304

We have added a better session handling in BC v1.2 that helps to avoid data loss. But there's a known bug: If the open page contains a form - what means it also contains a CSRF token - there will be a "CRSF token timeout" message (Javascript Popup) if the session ends. If the user closes this, the page is reloaded without new login.
@webbird webbird self-assigned this Sep 8, 2015
@webbird webbird added this to the vLater milestone Sep 8, 2015
@webbird webbird closed this as completed Jul 8, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@webbird webbird

Labels
bug security
Projects
None yet
Milestone
vLater
Development

No branches or pull requests
1 participant
@webbird