instructure / canvas-lms

The open LMS by Instructure, Inc.
https://github.com/instructure/canvas-lms/wiki
GNU Affero General Public License v3.0

WARNING: authenticity_token doesn't work when using security tools for testing #2176

Status: Closed (closed by huangdengpan 1 year ago)

huangdengpan commented 1 year ago

On the login page, we used security tools to test the login function, testing many times with lots of passwords and the same authenticity_token value. It logged in successfully after a number of attempts. o(╯□╰)o

huangdengpan commented 1 year ago

Should the authenticity_token history be flushed from the Canvas server after the login action?