Haneen Jabr

Reputation: 11

CSRF token per request in Vaadin

I'm new to Vaadin and I want to implement CSRF token protection. I found that Vaadin already injects a CSRF token in requests, but the problem is that the CSRF token is the same in each request. Is there any configuration in Vaadin to generate a new token in each request? Or is there any way to force Vaadin to regenerate the CSRF token when a new session is created?

I used the following code to solve a session fixation vulnerability, but the problem is that the CSRF token remains the same as the previous session's token, because the reinitializeSession method creates a new session with the same contents and a new jsessionID:

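// reinitializeSession is static and takes the current VaadinRequest
VaadinService.reinitializeSession(VaadinService.getCurrentRequest());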

Upvotes: 1

Views: 659

Answers (1)

Leif Åstrand

Reputation: 8001

There's currently a pull request open for adding that kind of functionality: https://github.com/vaadin/framework/pull/10953.

Upvotes: 0
