Been spending a great deal of time on this, have found a funny scenario that fixes this issue with expiring a cookie and some delays- but not satisfied with that hack. Going to put more work into it until i iron this out solid.
Any thoughts would be appreciated. The specific issue is at the: private void checkNotCsrfAttack(HttpServletRequest request, String sessionCookieName) located at
It is throwing a session error because nothing will return true.
GERONIMO-3746 being resolved, this JIRA will remain active to update the CSRF issue.