Forum

I am using OWASP to prevent information leakage in my application. But this is not working properly, as expected.

I logged in to my application and did some random clicks on the tabs in the application. Then I cleared the web browser history and cookies. When I click on any tab after this, I get a pop-up screen saying the session has expired, please login again, and it redirects me to the login screen when I click on the "ok" button (till this it worked fine). But when I login again and click on the tab that was used in the last session, after deleting the cookies, I get the error "cross-site request forgery (CSRF) attack ..." (this is something weird). If I am clicking on any other tabs I am not getting any error and it works fine.


This is a snippet of my OWASP.properties file:

    #org.owasp.csrfguard.action.Empty=org.owasp.csrfguard.action.Empty
    org.owasp.csrfguard.action.Log=org.owasp.csrfguard.action.Log
    org.owasp.csrfguard.action.Log.Message=potential cross-site request forgery (CSRF) attack thwarted (user:%user%, ip:%remote_ip%, uri:%request_uri%, error:%exception_message%)
    #org.owasp.csrfguard.action.Invalidate=org.owasp.csrfguard.action.Invalidate
    org.owasp.csrfguard.action.Redirect=org.owasp.csrfguard.action.Redirect
    org.owasp.csrfguard.action.Redirect.Page=/ourUI/csrfError.jsp
    #org.owasp.csrfguard.action.Redirect.Page=/OLDUI/error/error.jsp
    #org.owasp.csrfguard.action.RequestAttribute=org.owasp.csrfguard.action.RequestAttribute
    #org.owasp.csrfguard.action.RequestAttribute.AttributeName=errMsg
    org.owasp.csrfguard.action.Rotate=org.owasp.csrfguard.action.Rotate
    #org.owasp.csrfguard.action.SessionAttribute=org.owasp.csrfguard.action.SessionAttribute
    #org.owasp.csrfguard.action.SessionAttribute.AttributeName=Owasp_CsrfGuard_Exception_Key

I have uncommented the following line and checked:

    org.owasp.csrfguard.action.Invalidate=org.owasp.csrfguard.action.Invalidate

This time I got the error when I clicked for the first time on the tab which had been used last in the last session (following the same procedure as above). From the second time onwards it worked fine. Can anyone please help me find why I am getting this error? Do I need to make any other changes in this file?
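The steps in the post, replayed against a small constructed model of a session-bound CSRF token with the failure actions enabled in the properties above (Log, Redirect, Rotate, and optionally Invalidate). This is an added illustration, not CSRFGuard's own code; the `Server` and `replay_post` names are hypothetical, and it assumes the token lives in the HTTP session so that a tab rendered in an earlier session still carries that session's token.

```python
import secrets

# Constructed model of a session-bound CSRF token with CSRFGuard-style failure
# actions (Log, Redirect, Rotate, optional Invalidate). Added illustration only,
# not CSRFGuard's own code; class and function names here are hypothetical.

class Server:
    def __init__(self, invalidate=False):
        self.sessions = {}            # session id -> token currently valid for it
        self.log = []                 # what the Log action would write
        self.invalidate = invalidate  # org.owasp.csrfguard.action.Invalidate enabled?

    def login(self):
        """Start a new HTTP session with a fresh token; sid goes back as a cookie."""
        sid = secrets.token_hex(8)
        self.sessions[sid] = secrets.token_hex(16)
        return sid

    def render_tab(self, sid):
        """A page rendered in session `sid` embeds the token valid at render time."""
        return {"token": self.sessions[sid]}

    def click(self, sid, token, uri):
        """Check the token a tab submits against the session the cookie names."""
        if sid not in self.sessions:
            return "session expired, please login again"
        if token != self.sessions[sid]:
            # Failure actions as enabled in the post's OWASP.properties
            self.log.append(f"potential CSRF attack thwarted (uri:{uri})")  # Log
            self.sessions[sid] = secrets.token_hex(16)                      # Rotate
            if self.invalidate:
                del self.sessions[sid]                                      # Invalidate
            return "redirect:/ourUI/csrfError.jsp"                          # Redirect.Page
        return "ok"


def replay_post(invalidate=False):
    """Replay the steps from the post; returns the outcome of each click."""
    srv = Server(invalidate)
    cookie = srv.login()
    stale_tab = srv.render_tab(cookie)    # tab rendered in the first session
    cookie = None                         # user clears history and cookies
    first = srv.click(cookie, stale_tab["token"], "/tab1")   # no session -> expired
    cookie = srv.login()                  # user logs in again: new session, new token
    second = srv.click(cookie, stale_tab["token"], "/tab1")  # same tab, old token
    if cookie not in srv.sessions:        # Invalidate dropped the session: log in again
        cookie = srv.login()
    third = srv.click(cookie, srv.render_tab(cookie)["token"], "/tab2")  # fresh page
    return first, second, third, srv.log
```

The second click fails because the old tab still submits the token issued in the first session, while the new cookie names a session holding a different token; a tab rendered in the new session passes.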
