[gradebook2-dev] Fwd: Security Violation in 1.4.x-test version of GB2?

Jim Eng jimeng at umich.edu
Tue Mar 22 10:04:25 PDT 2011


I tried the 1.4.1 tag of gradebook2 with the same result.  Has anybody else seen anything like this with GB2 v 1.4.1 or 1.4.x?   It's possible this could be an issue with our Group Provider, but it's happening in GB2 code.  Any ideas will be appreciated.

Jim


On Mar 22, 2011, at 12:20 PM, Jim Eng wrote:

> I am trying to do some testing on GB2 version 1.4, so I checked out and built the following version in trunk of sakai:
> 
> 	https://source.sakaiproject.org/contrib/gradebook2/branches/1.4.x-test
> 
> I want to verify that a particular feature is working in 1.4.x.  I'm not sure that this is the best version to use. 
> 
> When I try to access GB2, I get an error.  It's shown in the attached screenshot.  In addition, I see two error messages in the logs:
> 
> 	2011-03-22 10:52:48,326 ERROR http-8080-Processor23 org.sakaiproject.gradebook.gwt.server.ServletWrappingController - ERROR: X-XSRF-Cookie violation
> 	2011-03-22 10:52:48,330 ERROR http-8080-Processor25 org.sakaiproject.gradebook.gwt.server.ServletWrappingController - ERROR: X-XSRF-Cookie violation
> 
> Those messages are logged at line 160 of ServletWrappingController.java.  Before that, the value of jsessionId is "No-Cookie" (at line 110), but the session is retrieved (at line 117) and its sessionId is retrieved, but the value of jsessionId does not match with the sessionId (in line 125), which causes the error message to be logged.  And after that, GB2 displays the error messages in the UI.  
> 
> Any suggestions?
> 
> Thanks.
> 
> Jim
> 
> 
> 
> <gb2-security-exception.png>
> 
> 
> 
> _______________________________________________
> gradebook2-dev mailing list
> gradebook2-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/gradebook2-dev
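
The check described in the quoted message, as an added sketch that is not the gradebook2 source: the value the client submits is compared with the id of the session the server resolved, and a client that had no cookie value to copy is reported separately from a real mismatch. The class, method and enum names are hypothetical, and the session id values are constructed; only the "No-Cookie" sentinel and the comparison against the session id come from the message.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class XsrfHeaderCheck {
    // Sentinel the message reports seeing in jsessionId before the comparison.
    static final String NO_COOKIE = "No-Cookie";

    // Hypothetical result codes, so the log can say why the check failed.
    enum Result { OK, CLIENT_HAD_NO_COOKIE, MISMATCH, NO_SERVER_SESSION }

    // submitted: the client's copy of the session id (assumed to arrive with the request).
    // serverSessionId: id of the session the server looked up for this request.
    static Result check(String submitted, String serverSessionId) {
        if (serverSessionId == null || serverSessionId.isEmpty()) {
            return Result.NO_SERVER_SESSION;
        }
        if (submitted == null || submitted.isEmpty() || NO_COOKIE.equals(submitted)) {
            // The client could not read its cookie; this is not the same as a forged value.
            return Result.CLIENT_HAD_NO_COOKIE;
        }
        byte[] a = submitted.getBytes(StandardCharsets.UTF_8);
        byte[] b = serverSessionId.getBytes(StandardCharsets.UTF_8);
        // MessageDigest.isEqual avoids an early-exit comparison on the secret value.
        return MessageDigest.isEqual(a, b) ? Result.OK : Result.MISMATCH;
    }

    public static void main(String[] args) {
        String sid = "constructed-session-id-1234"; // constructed sample value
        String[] submittedValues = { sid, NO_COOKIE, "constructed-other-id", null };
        for (String v : submittedValues) {
            System.out.println(v + " -> " + check(v, sid));
        }
        // A request for which the server resolved no session at all.
        System.out.println(sid + " -> " + check(sid, null));
    }
}
```

Logging the result code next to the violation message separates a client that never had the cookie from one that sent a wrong value.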


