Revision 7908073f
[BUGFIX] Start session when fetching a CSRF token
This change adds a ``@Flow\Session(autoStart=true)`` annotation to the
method ``Security\Context::getCsrfProtectionToken()``.
Background:
Currently ``CSRF`` tokens are bound to a session. Thus fetching a token
without starting a session makes no sense because the token will be
invalid on the next request.
In the long run we might be able to create "stateless" CSRF tokens that
don't require a session.
Change-Id: Ic7eaf07db4f42f41430effaf7939ce7ca1fd1175
Related: FLOW-130
Releases: master, 2.3, 2.2, 2.1
Depends: I896f6a722445deede1f0a656ea73db04f0d2e978
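
The background given in the commit message, as an added example that is not part of the commit or of Flow's code: a plain-PHP model of why a token fetched without a started session is rejected on the next request, and what auto-starting the session changes. The `RequestSession` class, its in-memory store and the `$autoStart` parameter are hypothetical stand-ins for the session handling and the annotation; only the method name `getCsrfProtectionToken` comes from the page.

```php
<?php
declare(strict_types=1);

// Hypothetical model of one request's session; not Flow's implementation (needs PHP 8.0+).
final class RequestSession
{
    /** @var array<string, array<string, bool>> persisted sessions: id => valid tokens */
    public static array $store = [];
    private array $tokens;

    public function __construct(private ?string $id = null)
    {
        // Tokens are only recoverable when the client presents a known session id.
        $this->tokens = $id !== null ? (self::$store[$id] ?? []) : [];
    }

    // Models getCsrfProtectionToken(); $autoStart models the effect of the annotation.
    public function getCsrfProtectionToken(bool $autoStart): string
    {
        if ($autoStart) {
            $this->id ??= bin2hex(random_bytes(16)); // start the session
        }
        $token = bin2hex(random_bytes(16));
        $this->tokens[$token] = true;
        return $token;
    }

    public function isCsrfTokenValid(string $token): bool
    {
        return isset($this->tokens[$token]);
    }

    // End of request: persist only a started session; return the cookie value or null.
    public function close(): ?string
    {
        if ($this->id !== null) {
            self::$store[$this->id] = $this->tokens;
        }
        return $this->id;
    }
}

foreach ([false, true] as $autoStart) {
    $first = new RequestSession();                       // request 1: render the form
    $token = $first->getCsrfProtectionToken($autoStart);
    $cookie = $first->close();
    $second = new RequestSession($cookie);               // request 2: submit the form
    printf("autoStart=%s session cookie sent=%s token accepted=%s\n",
        var_export($autoStart, true), var_export($cookie !== null, true),
        var_export($second->isCsrfTokenValid($token), true));
}
```

Without the auto-start, the first request ends with no session id to hand back to the client, so the token it issued has nothing to be checked against when the form is submitted.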