<font face="Default Sans Serif,Verdana,Arial,Helvetica,sans-serif" size="2"><div>Hi guys,</div><div><br></div><div>i have a question about CSRF security issue in older OpenCms versions.</div><div><br></div><div>According to release notes for OpenCms 10.5.4, i think that problem should be resolved:</div><div><a href="http://www.opencms.org/en/news/180517-opencms-v1054.html">http://www.opencms.org/en/news/180517-opencms-v1054.html</a></div><div><br></div><div>"Improved security by using a client id token to prevent session hijacking."</div><div><br></div><div>I have to know in detail, how is it resolved (i need to aprove it). I checked headers/cookies in administration (during manipulation with user groups) and i don't see any unique token/id which send to the server.</div><div><br></div><div>Can someone explain how it works please (you can send me to link to the GitHub commits in OpenCms 10.5.4 - we can compare it with OpenCms 10.5.3.)?</div><div><br></div><div>I know that old-styled workplace was removed in OpenCms 11, but we have to check all options... Thank you in advance.</div><div><br>S pozdravem / Kind regards<br><br>Filip Kratochvil<br>Web & Portal Consultant<br><br>IBA CZ, s.r.o.<br>Office: Radlická 751/113e, 158 00 Praha, CZ<br>Phone: +420 777 366 998<br>E-mail: <a href="mailto:filip.kratochvil@ibacz.eu">filip.kratochvil@ibacz.eu</a></div><div><br><hr>Disclaimer:<br><br>The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it.<br>It may contain confidential or legally privileged information.<br>If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful.<br>If you have received this communication in error, please notify us immediately by forwarding this email to ict@ibacz.eu and then delete it from your system.<br>IBA Group is neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt.<br> </div></font>