You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We have recently migrated to the CSRF 4.1.3 from older version 3.1.0 , After having this implemented , we have started facing error specifically on Edge browser over IE-11 Mode.
We are using apache server beneath weblogic server, we are not able to figure out the real root cause, but reverting back CSRF guard to older version 3.1.0 fixed this.
Important Note - It is happening through Third party application interaction with our application and third party application is using IFRAME, We only have this issue in the EDGE in IE-11 mode , but working on all other browsers. Moreover, On first request everything looks fine and our application page loads in IFRAME, But on second request , the cookie which browser sent does not match the server session ID as cookie sent by browser on second request is different from the initial one, which results in invalid session error. Nevertheless, Reverting back to older CSRF Guard fix everything.
Few questions striking my mind here are -
Does CSRF guard 4.1.3 have a support for IE-11 or EDGE in IE-11 Mode ?
Is there any property to handle this in CSRF guard ?
Is this happening due to apache server configuration ?. which should not be the case because older version is working fine on same apache.
Any other possibility or suggestion?
We love to hear back on this and will definitely appreciate any kind of help or suggestions.
The text was updated successfully, but these errors were encountered:
vikrantvij1
changed the title
CSRF Guard 4.1.13 forcing session timeout when used with apache and weblogic server, particularly on Browser Edge in IE 11 Mode
CSRF Guard 4.1.13 forcing Invalid session when used with apache and weblogic server, particularly on Browser Edge in IE 11 Mode
Jul 29, 2022
vikrantvij1
changed the title
CSRF Guard 4.1.13 forcing Invalid session when used with apache and weblogic server, particularly on Browser Edge in IE 11 Mode
CSRF Guard 4.1.13 - Invalid session error when used with apache and weblogic server, particularly only on Browser Edge in IE 11 Mode
Jul 29, 2022
vikrantvij1
changed the title
CSRF Guard 4.1.13 - Invalid session error when used with apache and weblogic server, particularly only on Browser Edge in IE 11 Mode
CSRF Guard 4.1.3 - Invalid session error when used with apache and weblogic server, particularly only on Browser Edge in IE 11 Mode
Jul 29, 2022
We have recently migrated to the CSRF 4.1.3 from older version 3.1.0 , After having this implemented , we have started facing error specifically on Edge browser over IE-11 Mode.
We are using apache server beneath weblogic server, we are not able to figure out the real root cause, but reverting back CSRF guard to older version 3.1.0 fixed this.
Important Note - It is happening through Third party application interaction with our application and third party application is using IFRAME, We only have this issue in the EDGE in IE-11 mode , but working on all other browsers. Moreover, On first request everything looks fine and our application page loads in IFRAME, But on second request , the cookie which browser sent does not match the server session ID as cookie sent by browser on second request is different from the initial one, which results in invalid session error. Nevertheless, Reverting back to older CSRF Guard fix everything.
Few questions striking my mind here are -
Does CSRF guard 4.1.3 have a support for IE-11 or EDGE in IE-11 Mode ?
Is there any property to handle this in CSRF guard ?
Is this happening due to apache server configuration ?. which should not be the case because older version is working fine on same apache.
Any other possibility or suggestion?
We love to hear back on this and will definitely appreciate any kind of help or suggestions.
The text was updated successfully, but these errors were encountered: