CSRF functions are restricted to CF Sessions

Description

It appears that both CSRF functions (CSRFGenerateToken(), CSRFVerifyToken()) throw an exception when sessionType is set to "j2ee".

Test code for CSRFGenerateToken():

    try {
        token = CSRFGenerateToken();
        dump(token);
    } catch (Any e) {
        dump(e);
    }

The code above throws the following exception:

    this function only works with CF Sessions
        at lucee.runtime.functions.csrf.CSRFGenerateToken.getStorageScope(CSRFGenerateToken.java:47):47
        at lucee.runtime.functions.csrf.CSRFGenerateToken.call(CSRFGenerateToken.java:42):42
        at lucee.runtime.functions.csrf.CSRFGenerateToken.call(CSRFGenerateToken.java:33):33
        at tests.csrf_cfm$cf.call(/tests/csrf.cfm:4):4
        at lucee.runtime.PageContextImpl.doInclude(PageContextImpl.java:921):921
        at lucee.runtime.PageContextImpl.doInclude(PageContextImpl.java:902):902
        at lucee.runtime.listener.ModernAppListener._onRequest(ModernAppListener.java:223):223
        at lucee.runtime.listener.ModernAppListener.onRequest(ModernAppListener.java:101):101
        at lucee.runtime.PageContextImpl.execute(PageContextImpl.java:2257):2257
        at lucee.runtime.PageContextImpl.execute(PageContextImpl.java:2224):2224
        at lucee.runtime.engine.CFMLEngineImpl.serviceCFML(CFMLEngineImpl.java:456):456
        at lucee.loader.servlet.CFMLServlet.service(Unknown Source):-1
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:790):790
        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:738):738
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:551):551
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143):143
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:568):568
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:221):221
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1111):1111
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:478):478
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183):183
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1045):1045
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141):141
        at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:199):199
        at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:109):109
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97):97
        at org.eclipse.jetty.server.Server.handle(Server.java:462):462
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:279):279
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:232):232
        at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:534):534
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:607):607
        at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:536):536
        at java.lang.Thread.run(Thread.java:745):745

Environment

MacOS 10.9

CentOS, Tomcat8, Java8, Apache 2.4

Status

Assignee

Igal Sapir

Reporter

Jason Brookins

Sprint

None

Fix versions

Affects versions

4.5.2.018
4.5.1.022
5.0.0.235

Priority

Major