(fix): Added xsrf token to session object and amended request validation method for the XSRF class
Added sessionId to XSRF token and updated the validateRequest method in the Security/XSRF class in order to check the sessionId if the user is logged in, otherwise it checks the XSRF token cookie for a logged out/guest user.
Regression tests
XSRF and Session tests need to be run to ensure no functionality has been broken.
To do:
- Run tests to make sure that they are still passing
- Perform manual check of functionality
Closes issue #2073
Edited by Fausto Arcidiacono
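
A sketch of the validation rule this merge request describes, added here as an example and not taken from the project's code: a logged-in request must carry a token issued for its own session, and a guest request falls back to the XSRF token cookie. The HMAC binding, `SERVER_KEY`, and the function names `issue_token` and `validate_request` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-deployment secret key; generated here so the example runs offline.
SERVER_KEY = secrets.token_bytes(32)


def _mac(session_id: str, nonce: str) -> str:
    """MAC that ties a token nonce to one session id."""
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def _equal(a: str, b: str) -> bool:
    # Constant-time compare; encode first so non-ASCII input cannot raise TypeError.
    return hmac.compare_digest(a.encode(), b.encode())


def issue_token(session_id=None) -> str:
    """Guest: random value (also sent as a cookie). Logged in: nonce plus MAC over the session id."""
    nonce = secrets.token_hex(16)
    if session_id is None:
        return nonce
    return f"{nonce}.{_mac(session_id, nonce)}"


def validate_request(submitted, session_id=None, cookie_token=None) -> bool:
    """Hypothetical stand-in for the validation step described above."""
    if not submitted:
        return False
    if session_id is not None:
        # Logged-in user: the token must have been issued for this session.
        nonce, sep, mac = submitted.partition(".")
        return bool(sep) and _equal(mac, _mac(session_id, nonce))
    # Logged-out/guest user: compare against the XSRF token cookie.
    return bool(cookie_token) and _equal(submitted, cookie_token)
```

A token issued before login does not validate once a session id is present, so the token has to be reissued at login.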