Alexander Wels has submitted this change and it was merged. Change subject: userportal,webadmin: xsrf token changes ...................................................................... userportal,webadmin: xsrf token changes - The token was generated in a way that confused people into thinking it did more than it actually did. This patch changes the generation to some random value that is used throughout the session lifetime. Change-Id: Ic028b0d1f8a6fd0cf67863af51d02d892d33f5fb Signed-off-by: Alexander Wels <awels@redhat.com> --- M frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/server/gwt/OvirtXsrfTokenServiceServlet.java M frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/server/gwt/XsrfProtectedRpcServlet.java A frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/server/gwt/XsrfTokenGeneratorHttpSessionListener.java 3 files changed, 71 insertions(+), 76 deletions(-) Approvals: Alon Bar-Lev: Looks good to me, but someone else must approve Alexander Wels: Verified Vojtech Szocs: Looks good to me, approved -- To view, visit http://gerrit.ovirt.org/31089 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ic028b0d1f8a6fd0cf67863af51d02d892d33f5fb Gerrit-PatchSet: 6 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Alexander Wels <awels@redhat.com> Gerrit-Reviewer: Alexander Wels <awels@redhat.com> Gerrit-Reviewer: Alon Bar-Lev <alonbl@redhat.com> Gerrit-Reviewer: Einav Cohen <ecohen@redhat.com> Gerrit-Reviewer: Vojtech Szocs <vszocs@redhat.com> Gerrit-Reviewer: automation@ovirt.org Gerrit-Reviewer: oVirt Jenkins CI Server