Possible to disable the invoking of Login/Logout handlers via browser address bar?
andrew.webb at statpro.com
Fri Aug 24 10:32:53 EDT 2012
Why not support HTTP POST as well as GET for session initiation and
termination (with an anti-CSRF mechanism, of course)?
View this message in context: http://shibboleth.1660669.n2.nabble.com/Possible-to-disable-the-invoking-of-Login-Logout-handlers-via-browser-address-bar-tp7581455p7581459.html
Sent from the Shibboleth - Users mailing list archive at Nabble.com.
More information about the users