Changes for page Security
Last modified by Vincent Massol on 2024/12/23
From version 31.1
edited by Vincent Massol
on 2023/11/07
on 2023/11/07
Change comment:
There is no comment for this version
To version 32.1
edited by Vincent Massol
on 2023/11/07
on 2023/11/07
Change comment:
There is no comment for this version
Summary
-
Page properties (1 modified, 0 added, 0 removed)
Details
- Page properties
-
- Content
-
... ... @@ -50,7 +50,7 @@ 50 50 51 51 |= Cookie name|=Content|=Path|=Domain|=Max age|=Is Secure?|=Usage 52 52 |##JSESSIONID##|Unique number representing the Session|##/##|Web site domain|Session duration (30mn by default, can be configured in ##web.xml##)|No|Session cookie created by the Servlet Container 53 -|##ckCsrfToken##|Unique number (CSRF Token)|##/##|Web site domain|Session duration (30mn by default, can be configured in ##web.xml##)|Yes|Created by CKEditor. The CSRF token can be used to secure the communication between the web browser and the server, i.e. for the file upload feature in the editor. However XWiki doesn't use it. 53 +|##ckCsrfToken##|Unique number (CSRF Token)|##/##|Web site domain|Session duration (30mn by default, can be configured in ##web.xml##)|Yes|Created by CKEditor. The CSRF token can be used to secure the communication between the web browser and the server, i.e. for the file upload feature in the editor. However XWiki doesn't use it as it has its own CSRF token mechanism. 54 54 |##language##|Current user locale|##/##|Not set|10 years|No|Remember the locale used 55 55 |##interfacelanguage##|The interface language used for the current user|##/##|Not set|10 years|No|Remember the UI language used 56 56 |##visitid##|Random alphanumeric value of 32 characters|##/##|A value from the comma-separated list from the ##xwiki.authentication.cookiedomains## config parameter, if it matches the server name|Difference between 1 Jan 2030 and current date|No|To uniquely recognize the user when computing visit stats. Note that the stats feature is deprecated and turned off.
