fixed: csrf token is const #437

cuongth · Feb 9, 2014

Thanks for Nicolay Garanko's explanation, I can understand his implementation (boss_csrf_filter.erl) and can use it smoothly.
He also provides simple app to test boss_form and boss_csrf_filter: github.com/ngaranko/r2d2

I recognized that csrf_token doesn't change after refresh /public/login, even delete cookies.
The problem is random:uniform(64) returns constant.
Prefer: http://pdincau.wordpress.com/2012/02/15/how-to-generate-random-numbers-in-erlang/

fixed: csrf token is const

e5624d2

danikp added a commit that referenced this pull request Dec 13, 2014

Merge pull request #437 from cuongth/boss_branch
fixed: csrf token is const

b4fa995

danikp merged commit b4fa995 into ChicagoBoss:master Dec 13, 2014

ChicagoBoss/ChicagoBoss

fixed: csrf token is const #437

cuongth commented Feb 9, 2014

danikp added a commit that referenced this pull request Dec 13, 2014

danikp merged commit `b4fa995` into ChicagoBoss:master Dec 13, 2014

ChicagoBoss/ChicagoBoss

Join GitHub today

fixed: csrf token is const #437

Conversation

cuongth commented Feb 9, 2014

danikp added a commit that referenced this pull request Dec 13, 2014

danikp merged commit b4fa995 into ChicagoBoss:master Dec 13, 2014

danikp merged commit `b4fa995` into ChicagoBoss:master Dec 13, 2014