Question
I'm new to Vaadin and I want to implement CSRF token protection. I found that Vaadin already injects a CSRF token into requests, but the problem is that the CSRF token is the same in each request. Is there any configuration in Vaadin to generate a new token in each request? Or is there any way to force Vaadin to regenerate a CSRF token when a new session is created?
I used the following code to solve a session fixation vulnerability, but the problem is that the CSRF token remains the same as the previous session's token, because the reinitializeSession method creates a new session with the same contents under a new JSESSIONID:
VaadinService.reinitializeSession(VaadinService.getCurrentRequest());  // static method; takes the current VaadinRequest
Answer 1:
There's currently a pull request open for adding that kind of functionality: https://github.com/vaadin/framework/pull/10953.
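As an added illustration (not part of the original question or answer, and not Vaadin's own code), here is a Vaadin 8 login handler that applies the session-fixation mitigation the question describes and records the HTTP session ID and the Vaadin CSRF token before and after the call, so the behaviour the question reports can be observed directly. The `LoginUI` class and the `authenticate` method are placeholders; only `VaadinService.reinitializeSession`, `VaadinService.getCurrentRequest`, `VaadinSession.getCurrent`, `VaadinSession.getSession` and `VaadinSession.getCsrfToken` are Vaadin API.

```java
import com.vaadin.server.VaadinRequest;
import com.vaadin.server.VaadinService;
import com.vaadin.server.VaadinSession;
import com.vaadin.ui.Button;
import com.vaadin.ui.Notification;
import com.vaadin.ui.PasswordField;
import com.vaadin.ui.TextField;
import com.vaadin.ui.UI;
import com.vaadin.ui.VerticalLayout;

// Hypothetical login UI written for this example; not from the question,
// the answer, or the Vaadin framework.
public class LoginUI extends UI {

    @Override
    protected void init(VaadinRequest request) {
        TextField username = new TextField("Username");
        PasswordField password = new PasswordField("Password");
        Button login = new Button("Log in");
        setContent(new VerticalLayout(username, password, login));

        // Click listeners run under the VaadinSession lock, so no extra locking is needed.
        login.addClickListener(event -> {
            if (!authenticate(username.getValue(), password.getValue())) {
                Notification.show("Login failed");
                return;
            }

            VaadinSession session = VaadinSession.getCurrent();
            String oldHttpId = session.getSession().getId(); // JSESSIONID before the swap
            String oldCsrf = session.getCsrfToken();          // Vaadin CSRF token before the swap

            // Session-fixation mitigation: invalidate the pre-login HTTP session and
            // move the same VaadinSession object (with all its attributes) into a new one.
            VaadinService.reinitializeSession(VaadinService.getCurrentRequest());

            // The VaadinSession now points at the fresh wrapped HTTP session.
            String newHttpId = session.getSession().getId();
            String newCsrf = session.getCsrfToken();

            // Expected: the JSESSIONID changes, but the CSRF token does not, because the
            // token belongs to the VaadinSession object that was carried over intact.
            boolean httpIdRotated = !oldHttpId.equals(newHttpId);
            boolean csrfRotated = !oldCsrf.equals(newCsrf);
            Notification.show("JSESSIONID rotated: " + httpIdRotated
                    + ", CSRF token rotated: " + csrfRotated);

            // Only mark the user as logged in after the session has been reissued.
            session.setAttribute("user", username.getValue());
        });
    }

    // Placeholder credential check for the example; a real application would
    // verify the credentials against its user store.
    private boolean authenticate(String user, String pass) {
        return user != null && !user.isEmpty() && pass != null && !pass.isEmpty();
    }
}
```

The notification is the practical check for the question's claim: with the Vaadin 7/8 behaviour described above it reports the session ID as rotated and the CSRF token as not rotated, because `reinitializeSession` copies the existing `VaadinSession` (whose token is fixed at construction) into the new HTTP session rather than creating a new `VaadinSession`.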
Source: https://stackoverflow.com/questions/50836576/csrf-token-per-request-in-vaadin