CSRF ONLY work at HttpSession level

Hi, experts

Through my experiment at WebMethods DEV integration server, when I turned ON csfr, CSRF only works at current session.

If I refreshes dap page or log in new session, CSRF function goes off ( I can access dsp page)

In conclusion, CSRF works ONLY inside HTTP session

please let me know how to solve this issue



Hi Leon,
What you mean by CSRF function goes off, does it mean when you do refresh DSP page and you don’t see CSRF token ? What is the Integration Server version you are using?

Generally, after enabling the CSRF guard in IS (Security > CSRF Guard ), you should refresh the home page and then all the access to any page will have CSRF token. And even after logout and login , CSRF is enabled.


This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.