https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=39435 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jonathan.druart@gmail.com --- Comment #34 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Implemented the middleware approach now. Had some struggles with Koha::Token and the CSRF middleware class. Instead of passing an undefined session (scalar on no cookie), I am passing the default session id used in Koha::Token. When removing the returns on a false but defined session, this should effectively remove the need for the second check in a row in check_csrf added on 36102. This explains the small changes in Koha::Token and Middleware::CSRF. While testing, the browser cache sometimes got in the way. -- You are receiving this mail because: You are watching all bug changes.