Re: Session creation triggered by XSS/XSRF filter

On Jun 30, 2009, at 10:26 AM, Joe Bohn wrote:

> I tried some random URIs and always received a 404 back in my tests.
>
> This could be a problem with the filter on the welcome application.  
> It currently has a context-root of "/" and the filter is registered  
> with a URL pattern of "/*".

OK, that would explain it... So, is there any reason to run XSS  
filtering on the welcome app?

--kevan