Kanboard-Prod

Commit Graph

Author	SHA1	Message	Date
irdc	4b76bc5b32	Use a HMAC to sign and validate CSRF tokens, instead of generating random ones and storing them in the session data * Use a HMAC to sign and validate CSRF tokens, instead of generating random ones and storing them in the session data. Reduces number of writes to sessions table and fixes kanboard issue #4942. * Added missing CSRF check for starting/stopping subtask timers. Co-authored-by: Willemijn Coene <willemijn@irdc.nl>	2022-09-17 17:23:41 -07:00
Frederic Guillot	6756ef2301	Move token generation to Security namespace	2015-10-25 15:05:19 -04:00

Author

SHA1

Message

Date

irdc

4b76bc5b32

Use a HMAC to sign and validate CSRF tokens, instead of generating random ones and storing them in the session data

* Use a HMAC to sign and validate CSRF tokens, instead of generating random
ones and storing them in the session data. Reduces number of writes to
sessions table and fixes kanboard issue #4942.
* Added missing CSRF check for starting/stopping subtask timers.

Co-authored-by: Willemijn Coene <willemijn@irdc.nl>

2022-09-17 17:23:41 -07:00

Frederic Guillot

6756ef2301

Move token generation to Security namespace

2015-10-25 15:05:19 -04:00

2 Commits