[FLOW3-general] Remove csrfToken from URL
Rudy Gnodde
rgn at windinternet.nl
Fri Feb 8 10:06:54 CET 2013
Hello all,
I'm working on my first Flow application. I do have experience with
Extbase, so most things are at least familiar.
For this application people need to log in, so I set up authentication
using a PersistedUsernamePasswordProvider. This works fine, except that
all URLs are appended by a __csrfToken parameter. Normally this wouldn't
technically be a problem, but this application should be available
offline using applicationCache. The problem is that after each login the
__csrfToken in the URL changes, which means it will be seen as a
separate page and is cached as a separate entity. This results in
duplicate cache entries.
So, my question is: Is there a way to remove the __csrfToken parameter
from the URL (without breaking authentication)?
Thanks,
Rudy
More information about the FLOW3-general
mailing list