[gradebook2-dev] Fwd: Security Violation in 1.4.x-test version of GB2?

Jim Eng jimeng at umich.edu
Tue Mar 22 09:20:01 PDT 2011


I am trying to do some testing on GB2 version 1.4, so I checked out and built the following version in trunk of Sakai:

	https://source.sakaiproject.org/contrib/gradebook2/branches/1.4.x-test

I want to verify that a particular feature is working in 1.4.x.  I'm not sure that this is the best version to use. 

When I try to access GB2, I get an error.  It's shown in the attached screenshot.  In addition, I see two error messages in the logs:

	2011-03-22 10:52:48,326 ERROR http-8080-Processor23 org.sakaiproject.gradebook.gwt.server.ServletWrappingController - ERROR: X-XSRF-Cookie violation
	2011-03-22 10:52:48,330 ERROR http-8080-Processor25 org.sakaiproject.gradebook.gwt.server.ServletWrappingController - ERROR: X-XSRF-Cookie violation

Those messages are logged at line 160 of ServletWrappingController.java.  Before that, the value of jsessionId is "No-Cookie" (at line 110), but the session is retrieved (at line 117) and its sessionId is retrieved, but the value of jsessionId does not match with the sessionId (in line 125), which causes the error message to be logged.  And after that, GB2 displays the error messages in the UI.  

Any suggestions?

Thanks.

Jim



-------------- next part --------------
A non-text attachment was scrubbed...
Name: gb2-security-exception.png
Type: image/png
Size: 63518 bytes
Desc: not available
Url : http://collab.sakaiproject.org/pipermail/gradebook2-dev/attachments/20110322/76feb655/attachment-0001.png 
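
The comparison described in the message above, as an added sketch that is not part of the original post and is not GB2's ServletWrappingController code: it assumes the client value is read from a JSESSIONID cookie and reports a missing cookie separately from a mismatch, so the log line says which case occurred. The class, method and enum names are hypothetical, and the session ids are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class XsrfSessionCheck {
    enum Result { OK, NO_COOKIE, NO_SERVER_SESSION, MISMATCH }

    // Sentinel value named in the report for "no session cookie was found".
    static final String NO_COOKIE = "No-Cookie";

    // Assumption: the client-side value comes from the JSESSIONID cookie.
    // Parses a raw Cookie header and falls back to the sentinel.
    static String jsessionIdFrom(String cookieHeader) {
        if (cookieHeader != null) {
            for (String part : cookieHeader.split(";")) {
                String[] kv = part.trim().split("=", 2);
                if (kv.length == 2 && kv[0].equals("JSESSIONID") && !kv[1].isEmpty()) {
                    return kv[1];
                }
            }
        }
        return NO_COOKIE;
    }

    static Result check(String cookieHeader, String serverSessionId) {
        String jsessionId = jsessionIdFrom(cookieHeader);
        // Separate "nothing was sent" from "something was sent but it differs".
        if (NO_COOKIE.equals(jsessionId)) return Result.NO_COOKIE;
        if (serverSessionId == null) return Result.NO_SERVER_SESSION;
        // Constant-time comparison of the two identifiers.
        byte[] client = jsessionId.getBytes(StandardCharsets.UTF_8);
        byte[] server = serverSessionId.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(client, server) ? Result.OK : Result.MISMATCH;
    }

    public static void main(String[] args) {
        String sid = "constructed-session-id-1234"; // constructed sample value
        String[][] cases = {
            { null, sid },                          // request carried no cookie
            { "theme=dark; JSESSIONID=" + sid, sid },
            { "JSESSIONID=some-other-id", sid },
            { "JSESSIONID=" + sid, null },
        };
        for (String[] c : cases) {
            Result r = check(c[0], c[1]);
            // Log the reason only, never the identifier values.
            System.out.println((r == Result.OK ? "INFO  " : "ERROR ") + "X-XSRF-Cookie check: " + r);
        }
    }
}
```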