Posted to users@tomcat.apache.org by Ganesh Dhakshinamurthy <ga...@gmail.com> on 2011/12/23 20:45:52 UTC

Tomcat CsrfPreventionFilter - LRU Cache

>
> Hi
> I recently came across an issue reported regarding the LRU
> cache implementation in CsrfPreventionFilter. It was reported that FIFO was
> implemented instead of LRU. We are facing an issue in our application due
> to this, [Nonce tokens getting rejected]. I searched in the bugs database to
> check if this was reported, but couldn't find any. Can somebody please let
> me know if this is a known issue and something is in the works to fix it?
>
> Thanks,
> Ganesh
>

Re: Tomcat CsrfPreventionFilter - LRU Cache

Posted by Ganesh Dhakshinamurthy <ga...@gmail.com>.
Hello Mark
Thanks for the info.

- Ganesh

On Fri, Dec 23, 2011 at 3:30 PM, Mark Thomas <ma...@apache.org> wrote:

> On 23/12/2011 19:45, Ganesh Dhakshinamurthy wrote:
> >>
> >> Hi
> >> I recently came across an issue reported regarding the LRU
> >> cache implementation in CsrfPreventionFilter. It was reported that FIFO was
> >> implemented instead of LRU. We are facing an issue in our application due
> >> to this, [Nonce tokens getting rejected]. I searched in the bugs database to
> >> check if this was reported, but couldn't find any. Can somebody please let
> >> me know if this is a known issue and something is in the works to fix it?
>
> The last time it came up, no conclusion was reached as to which is the
> best approach: LRU or FIFO. There are arguments for both which probably
> means it really needs to be configurable.
>
> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Re: Tomcat CsrfPreventionFilter - LRU Cache

Posted by Mark Thomas <ma...@apache.org>.
On 23/12/2011 19:45, Ganesh Dhakshinamurthy wrote:
>>
>> Hi
>> I recently came across an issue reported regarding the LRU
>> cache implementation in CsrfPreventionFilter. It was reported that FIFO was
>> implemented instead of LRU. We are facing an issue in our application due
>> to this, [Nonce tokens getting rejected]. I searched in the bugs database to
>> check if this was reported, but couldn't find any. Can somebody please let
>> me know if this is a known issue and something is in the works to fix it?

The last time it came up, no conclusion was reached as to which is the
best approach: LRU or FIFO. There are arguments for both which probably
means it really needs to be configurable.

Mark

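
The FIFO-versus-LRU difference discussed in this thread, as an added example that is not part of the original messages and is not Tomcat's own code. It assumes a bounded nonce store backed by `java.util.LinkedHashMap`; the `NonceCache` class, the cache size of 5 and the nonce strings are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class NonceCacheDemo {

    /** Bounded nonce store: accessOrder=false evicts FIFO, true evicts LRU. */
    static class NonceCache {
        private final Map<String, String> cache;

        NonceCache(final int maxSize, boolean accessOrder) {
            cache = new LinkedHashMap<String, String>(16, 0.75f, accessOrder) {
                @Override
                protected boolean removeEldestEntry(Map.Entry<String, String> eldest) {
                    return size() > maxSize;
                }
            };
        }

        synchronized void add(String nonce) {
            cache.put(nonce, nonce);
        }

        // get() counts as an access in access-order mode; containsKey() does not,
        // so a check written with containsKey() would never refresh the entry.
        synchronized boolean contains(String nonce) {
            return cache.get(nonce) != null;
        }
    }

    /** One open form keeps submitting its nonce while other responses mint new ones. */
    static boolean formNonceSurvives(boolean accessOrder) {
        NonceCache cache = new NonceCache(5, accessOrder);
        cache.add("form-nonce");                    // constructed sample value
        for (int i = 0; i < 12; i++) {
            if (i % 3 == 0 && !cache.contains("form-nonce")) {
                return false;                       // this request would be rejected
            }
            cache.add("nonce-" + i);                // another response issues a nonce
        }
        return cache.contains("form-nonce");
    }

    public static void main(String[] args) {
        System.out.println("FIFO keeps reused nonce: " + formNonceSurvives(false));
        System.out.println("LRU  keeps reused nonce: " + formNonceSurvives(true));
    }
}
```

With insertion order the reused nonce is evicted once five newer nonces have been issued, regardless of how recently it was validated; with access order each successful validation moves it back to the most-recent end.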