migration from 3.1 to 4.5 #355

Ethan47345 · 2025-07-29T03:11:35Z

Ethan47345
Jul 29, 2025

Greetings！
I need to upgrade from 3.1 to 4.5. Should I just follow the files in the csrfguard-test-jsp directory? for example, web.xml and .properties files. If so, the tag configuration in web.xml

<listener>
	<listener-class>org.owasp.csrfguard.CsrfGuardHttpSessionListener</listener-class>
</listener>

doesn't seem to match up. there is no such class in the directory org.owasp.csrfguard

Answered by forgedhallpass

Aug 5, 2025

Hello @Ethan47345,

Have you taken a look at the bundled test application in this repository? That should be a good enough starting point.
Starting from version 4.x I've added support for stateless applications, hence all the logic required for stateful application support has been moved to a separate maven module.

The CsrfGuardHttpSessionListener class is still present, but under the csrfguard-extension-session module.

View full answer

forgedhallpass · 2025-08-05T16:06:49Z

forgedhallpass
Aug 5, 2025
Maintainer

Hello @Ethan47345,

Have you taken a look at the bundled test application in this repository? That should be a good enough starting point.
Starting from version 4.x I've added support for stateless applications, hence all the logic required for stateful application support has been moved to a separate maven module.

The CsrfGuardHttpSessionListener class is still present, but under the csrfguard-extension-session module.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

migration from 3.1 to 4.5 #355

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

migration from 3.1 to 4.5 #355

Uh oh!

Uh oh!

Ethan47345 Jul 29, 2025

Replies: 1 comment

Uh oh!

forgedhallpass Aug 5, 2025 Maintainer

Ethan47345
Jul 29, 2025

forgedhallpass
Aug 5, 2025
Maintainer