Change-Id: I3f48f9bb42b36d0a46926ec753f30df95491720btags/8.0.0.alpha9
@@ -754,6 +754,12 @@ public class VaadinSession implements HttpSessionBindingListener, Serializable { | |||
private int connectorIdSequence = 0; | |||
/* | |||
* Despite section 6 of RFC 4122, this particular use of UUID *is* adequate | |||
* for security capabilities. Type 4 UUIDs contain 122 bits of random data, | |||
* and UUID.randomUUID() is defined to use a cryptographically secure random | |||
* generator. | |||
*/ | |||
private final String csrfToken = UUID.randomUUID().toString(); | |||
/** |
@@ -785,6 +785,12 @@ public class ConnectorTracker implements Serializable { | |||
} | |||
String seckey = streamVariableToSeckey.get(variable); | |||
if (seckey == null) { | |||
/* | |||
* Despite section 6 of RFC 4122, this particular use of UUID *is* | |||
* adequate for security capabilities. Type 4 UUIDs contain 122 bits | |||
* of random data, and UUID.randomUUID() is defined to use a | |||
* cryptographically secure random generator. | |||
*/ | |||
seckey = UUID.randomUUID().toString(); | |||
streamVariableToSeckey.put(variable, seckey); | |||
} |