CSRF Guard 4.1.3 - invalid session when used with apache and weblogic server, particularly on Browser Edge in IE 11 Mode #115
Closed
vikrantvij1
started this conversation in
General
Replies: 1 comment
-
|
Hello @vikrantvij1,
You haven't provided enough information for me to come up with a better educated guess, or to be able to reproduce/debug/troubleshoot the problem. p.s.:
|
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
We have recently migrated to the CSRF 4.1.3 from older version 3.1.0 , After having this implemented , we have started facing error specifically on Edge browser over IE-11 Mode.
We are using apache server beneath weblogic server, we are not able to figure out the real root cause, but reverting back CSRF guard to older version 3.1.0 fixed this.
Important Note - It is happening through Third party application interaction with our application and third party application is using IFRAME, We only have this issue in the EDGE in IE-11 mode , but working on all other browsers. Moreover, On first request everything looks fine and our application page loads in IFRAME, But on second request , the cookie which browser sent does not match the server session ID as cookie sent by browser on second request is different from the initial one, which results in invalid session error. Nevertheless, Reverting back to older CSRF Guard fix everything.
Few questions striking my mind here are -
We love to hear back on this and will definitely appreciate any kind of help or suggestions.
Beta Was this translation helpful? Give feedback.
All reactions