A request has been denied as a potential CSRF attack.”
当输入账号和密码,点击登录,出现“session error”。
后来在网上发现了这个问题解决办法。
在web.xml配置文件中修改dwr的配置:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"><welcome-file-list><welcome-file>/qiantai/index1.jsp</welcome-file></welcome-file-list><servlet><servlet-name>dwr-invoker</servlet-name><servlet-class>org.directwebremoting.servlet.DwrServlet</servlet-class><init-param><param-name>debug</param-name><param-value>true</param-value></init-param><init-param><param-name>activeReverseAjaxEnabled</param-name><param-value>true</param-value></init-param><init-param><param-name>initApplicationScopeCreatorsAtStartup</param-name><param-value>true</param-value></init-param><init-param><param-name>maxWaitAfterWrite</param-name><param-value>500</param-value></init-param><init-param><param-name>crossDomainSessionSecurity</param-name><param-value>false</param-value></init-param><load-on-startup>1</load-on-startup></servlet><servlet-mapping><servlet-name>dwr-invoker</servlet-name><url-pattern>/dwr/*</url-pattern></servlet-mapping></web-app><init-param><param-name>crossDomainSessionSecurity</param-name><param-value>false</param-value></init-param><load-on-startup>1</load-on-startup></servlet><servlet-mapping><servlet-name>dwr-invoker</servlet-name><url-pattern>/dwr/*</url-pattern></servlet-mapping></web-app>
在配置文件中一定要加上这句话,问题就可以解决
<init-param> <param-name>crossDomainSessionSecurity</param-name> <param-value>false</param-value> </init-param>
配置好之后,然后重新启动服务器,就可以登录成功。