fixed: csrf token is const #437

Merged
merged 1 commit into from Dec 13, 2014


cuongth commented Feb 9, 2014

Thanks to Nicolay Garanko's explanation, I can understand his implementation (boss_csrf_filter.erl) and can use it smoothly.
He also provides a simple app to test boss_form and boss_csrf_filter: github.com/ngaranko/r2d2

I noticed that csrf_token doesn't change after refreshing /public/login, even after deleting cookies.
The problem is that random:uniform(64) returns a constant.
Prefer: http://pdincau.wordpress.com/2012/02/15/how-to-generate-random-numbers-in-erlang/

danikp added a commit that referenced this pull request Dec 13, 2014

@danikp danikp merged commit b4fa995 into ChicagoBoss:master Dec 13, 2014
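
The behaviour reported above, as an added example (not code from boss_csrf_filter.erl and not the merged commit): Erlang's legacy `random` module keeps its seed in the process dictionary and starts from a fixed default, so every process that never seeds it draws the same sequence, while `crypto:strong_rand_bytes/1` does not. The module name, function names and token format are hypothetical, and the example assumes the token is built in a process that never called `random:seed`.

```erlang
%% Added example; module, functions and token format are hypothetical.
-module(csrf_token_demo).
-export([weak_token/0, strong_token/0, in_fresh_process/1, demo/0]).
-compile(nowarn_deprecated_function).  % the legacy random module is deprecated

-define(ALPHABET,
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_").

%% Weak pattern: 32 characters picked with random:uniform(64).
%% With no random:seed call, the process uses the module's fixed default
%% seed, so the "random" picks are identical in every new process.
weak_token() ->
    [lists:nth(random:uniform(64), ?ALPHABET) || _ <- lists:seq(1, 32)].

%% Hardened pattern: 24 bytes from the OS CSPRNG, base64-encoded to
%% 32 characters. No seeding is involved and the output is unpredictable.
strong_token() ->
    binary_to_list(base64:encode(crypto:strong_rand_bytes(24))).

%% Run Fun in a brand-new process and return its result.
%% Assumption: this stands in for a request handled by an unseeded process.
in_fresh_process(Fun) ->
    Parent = self(),
    Ref = make_ref(),
    spawn_link(fun() -> Parent ! {Ref, Fun()} end),
    receive
        {Ref, Token} -> Token
    after 5000 ->
        exit(timeout)
    end.

%% Generate two tokens of each kind in separate processes, print them, and
%% return {WeakTokensEqual, StrongTokensDiffer}.
demo() ->
    W1 = in_fresh_process(fun weak_token/0),
    W2 = in_fresh_process(fun weak_token/0),
    S1 = in_fresh_process(fun strong_token/0),
    S2 = in_fresh_process(fun strong_token/0),
    io:format("weak   1: ~s~nweak   2: ~s~n", [W1, W2]),
    io:format("strong 1: ~s~nstrong 2: ~s~n", [S1, S2]),
    {W1 =:= W2, S1 =/= S2}.
```

Compile with `erlc csrf_token_demo.erl` and call `csrf_token_demo:demo().` from an `erl` shell on an OTP release that still ships the `random` module.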
