Webiste bugs after update

Trustmaster	#5008 2009-01-10 17:18
Administrators Thanked: 265 kez	It happens when: [list=1] You are logged in with "remember me" flag You send a request (e.g. click a link) and then without waiting for page to load you send another request (e.g. click a link again) It is request and cookie forgery protection: a secret key changes on every request and the cookie is changed every request too. If you send a request but your cookie hasn't updated yet, the site considers that as request forgery and breaks the session. It is quite a high wall for CSRF and XSS attackers, but as I see it causes problems for many users so, seems like unfortunately we will have to lower our defence in favor of user comfort. May the Source be with you!

Trustmaster

#5008 2009-01-10 17:18

It happens when:
[list=1]

You are logged in with "remember me" flag

You send a request (e.g. click a link) and then without waiting for page to load you send another request (e.g. click a link again)

It is request and cookie forgery protection: a secret key changes on every request and the cookie is changed every request too. If you send a request but your cookie hasn't updated yet, the site considers that as request forgery and breaks the session.

It is quite a high wall for CSRF and XSS attackers, but as I see it causes problems for many users so, seems like unfortunately we will have to lower our defence in favor of user comfort.

May the Source be with you!