Rob Winch

Results: 236 comments by Rob Winch

Perhaps this does make sense to change the behavior of the cookie based implementation since a user can technically read the cookie directly. The session based implementation makes no sense...

I'm not sure I understand the suggestion. Users can already provide a URL that subscribes to the CSRF token which would write it out, so this would be a nothing...

I think of the custom repository as more of a workaround. In regards to the URL, I'm just speaking of something like the Controller Advice I provided. You could...

Ok. Thanks for the response. I'm going to reopen the issue since we agree it would be nice for some sort of support for this. I still don't know exactly...

There are no updates on this. To answer everyone's question, the reason that it is never persisted if it isn't subscribed to is that we attempt to avoid work that...

@vpavic Thanks! @jzheaux I feel like this might be something we need to enhance so that all the same expressions are available. What are your thoughts?

Please also see gh-7411

@Sc00bz Thanks for the updated numbers. The trouble is that we don't know what hardware users are leveraging to run their servers and minimums are a tradeoff. The attackers will...

@Sc00bz There are tradeoffs to setting the [work factor](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#work-factors) and recommended settings are the deployed environment (i.e. hardware) of the application which as a framework we don't have access to....