csrfGenerateToken() and csrfVerifyToken() with no arguments throw a null pointer exception.

Description

After the fix from LDEV-2536, the csrfGenerateToken function works with sessionCluster = false, but calling it with no arguments throws a null pointer exception when sessions are stored in redis.

Same thing with csrfVerifyToken() when only the token is provided instead of the key.

Example Application.cfc if redis is running locally, using the Lucee Beta Redis driver 2.9.0.3:

 

 

Then in index.cfm:

 

 

Result:

 

 

Environment

None

Status

Assignee

Michael Offner

Reporter

Samuel W. Knowlton

Labels

Fix versions

Affects versions

Priority

New
Configure