I am using OWASP to prevent information leakage in my application, but it is not working as expected.

I logged in to my application and did some random clicks on the tabs in the application. Then I cleared the web browser history and cookies. When I click on any tab after this, I get a pop-up screen saying the session has expired, please log in again, and it redirects me to the login screen when I click the "OK" button (up to this point it worked fine). But when I log in again and click on the tab that I used in the last session after deleting the cookies, I get the error "cross-site request forgery (CSRF) attack ..." (this is something weird). If I click on any other tab, I do not get any error and it works fine.


This is a snippet of my file:



     org.owasp.csrfguard.action.Log.Message=potential cross-site request forgery (CSRF) attack thwarted (user:%user%, ip:%remote_ip%, uri:%request_uri%, error:%exception_message%)











I have uncommented the following line and checked


This time I got the error when I clicked for the first time on the tab that had been used last in the last session (I followed the same procedure as above). From the second time onwards it worked fine. Can anyone please help me find out why I am getting this error? Do I need to make any other changes to this file?
