How is flowExecutionKey generated in Spring Web Flow 1.0 and Spring Web Flow 2.0?

  • How is flowExecutionKey generated in Spring Web Flow 1.0 and Spring Web Flow 2.0?

    How is flowExecutionKey generated in Spring Web Flow 1.0 and Spring Web Flow 2.0?
    Is it possible to modify the executionKey to make it more robust?
    Please provide a detailed example.
    Thanks.

  • #2
    What is wrong with the current strategy, why wouldn't it be robust enough? Used it on high traffic websites without any problems...



    • #3
      I'm moving from Spring Web Flow 1 to Spring Web Flow 2. When I used Web Flow 1.0, the generated flow key was common to all states, like "_flowExecutionKey=_cB991AE60-9F1A-C5D0-F745-0D817F5C0D39_k9364BE07-2413-78A7-3F6F-F0B8F226A40F", but with the new version the generated execution key looks like e1s1 and changes for every state in the flow.

      I want to maintain a unique flowId throughout my web flow, as it used to be in Spring Web Flow 1.0. Could you please let me know how this can be done?


      Please suggest a solution for this. This long key helps to prevent CSRF-type attacks.



      • #4
        The key is as safe as the one from webflow 1... The flow execution key for webflow 1 also changes; the part after _k is dynamic... The _k is comparable with the s part to determine the state to restore...

        Also, if you rely on long keys to prevent CSRF attacks, you should really implement real CSRF attack protection; security through obscurity (long keys) isn't very secure...



        • #5
          Hi,

          Thanks for your reply!

          Can you please help me implement real CSRF protection in a Web Flow application? Please suggest how I should implement it.
          If you have a sample example, I can try to implement it in my SWF 2.0 application.
