Daily Archives: March 4, 2009

ASP.Net MVC RC 2 fixes the AntiForgeryToken

I can’t see anything in the release notes about it but all my previous problems with the AntiForgeryToken appear to have been fixed. I’ve now been able to remove the kludge where I removed the previous cookie to prevent a crash further down the line.

They’ve also made a change to make cookies from different web applications from stomping on each other. That’s roughly what my helper change does, but they’ve done it in a different way. They change the name of the cookie based on the application Request.ApplicationPath. I figure I’ll keep my extension but it’s neat to see they’ve come up with a way to deal with that.

The added bonus of not clearing the cookie every time (as I was before) is that the token doesn’t change and so you can use the back button (assuming you don’t use different salt on each page).


Get every new post delivered to your Inbox.

Join 83 other followers