

Spring single page application: CSRF token changing silently after login/logout

Tags: spring, spring-mvc, spring-security

As far as I know, in a Spring+JavaScript single page application, we need to send the CSRF token to the client in some way.

A recommended way would be to have a CsrfHeaderFilter as described in this Spring guide. Following this approach, when the application starts, it will send a GET request to the server, thus fetching the token.

But I see that under certain events like login or logout, Spring Security changes the token. CsrfHeaderFilter comes beforehand, and so can't detect the change. Hence, I need to send another GET request following such events.

I tried peeping at the Spring Security code to find if there would be a way to send the changed token along with these login or logout requests, so that another GET request is saved. But I could not find a way.

I would like to know if sending a dummy GET request after login, logout etc., as I am now doing, looks like a good solution. Or, maybe there is a better way?

If there is currently no way to avoid this redundant GET request, I was wondering if this becomes a ticket for Spring Security to come up with something after which it would be possible.
    

asked Oct 6, 2015 by vibhorsingh
0 votes
10 views
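
The behaviour described in the question, as an added example that is not part of the original post or of Spring Security: a constructed in-memory server rotates the token on login and logout, and a hypothetical `CsrfClient` wrapper runs the same requests without and with the extra GET after those events. All names, paths and the synchronous transport are assumptions standing in for the real HTTP calls.

```javascript
// Constructed in-memory stand-in for the server (synchronous for brevity).
// It hands out the current token on GET and rotates it on login/logout.
function makeFakeServer() {
  let n = 1;
  let token = `tok-${n}`;
  return function transport({ method, path, csrf }) {
    if (method === 'GET') return { status: 200, csrfToken: token };
    if (csrf !== token) return { status: 403 }; // stale or missing token
    if (path === '/login' || path === '/logout') token = `tok-${++n}`; // silent rotation
    return { status: 200 };
  };
}

// Hypothetical client wrapper: caches the token, attaches it to every POST,
// and re-fetches it after the paths listed in refreshAfter succeed.
class CsrfClient {
  constructor(transport, refreshAfter = ['/login', '/logout']) {
    this.transport = transport;
    this.refreshAfter = refreshAfter;
    this.token = null;
  }
  refreshToken() {
    this.token = this.transport({ method: 'GET', path: '/' }).csrfToken;
    return this.token;
  }
  post(path) {
    if (this.token === null) this.refreshToken(); // initial GET at startup
    const { status } = this.transport({ method: 'POST', path, csrf: this.token });
    if (status === 200 && this.refreshAfter.includes(path)) this.refreshToken();
    return status;
  }
}

// Same request sequence, without and with the extra GET after login/logout.
function demo() {
  const run = (c) => [c.post('/login'), c.post('/orders'), c.post('/logout')];
  return {
    noRefresh: run(new CsrfClient(makeFakeServer(), [])),
    withRefresh: run(new CsrfClient(makeFakeServer())),
  };
}

console.log(demo());
```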


