Skip to content
This repository has been archived by the owner on Nov 22, 2018. It is now read-only.

Add logging to antiforgery #44

Closed
rynowak opened this issue Feb 4, 2016 · 4 comments
Closed

Add logging to antiforgery #44

rynowak opened this issue Feb 4, 2016 · 4 comments
Assignees
@ryanbrandenburg
Labels
3 - Done bug
Milestone
1.0.0-rc2

Comments

@rynowak
Copy link
Member

rynowak commented Feb 4, 2016

We should add logging

Some ideas:

  • Validating a token (verbose)
  • Validation failure / missing token (warning)

Thinking warning is right for failures, because generally this is a app configuration issue.
@Eilon Eilon added this to the 1.0.0-rc2 milestone Feb 4, 2016
@Eilon
Copy link
Member

Eilon commented Feb 4, 2016

Yeah this is hugely important, and I agree with the proposed log levels.

@ryanbrandenburg ryanbrandenburg mentioned this issue Feb 6, 2016
Merged
@rynowak
Copy link
Member Author

rynowak commented Feb 8, 2016

Had some discussion and this is what we came up with.

IsRequestValidAsync(..) will log success (debug) and failure (warning)
ValidateRequestAsync(...) will log success (debug) - failure is covered by an exception
GetAndStoreTokens(...) will log whether a token was reused or generated (debug)

@ryanbrandenburg
Copy link
Contributor

@dougbu would like to also add logging around the decisions to generate or reuse tokens in SetCookieTokenAndHeader, GetTokens->GetTokensInternal and SetCookieTokenAndHeader. Will circle back around to it after he makes the changes to that area he's working on in #23

@ryanbrandenburg ryanbrandenburg mentioned this issue Feb 12, 2016
Merged
@Eilon
Copy link
Member

Eilon commented Feb 17, 2016

Done done done done... (like, Beethoven style)

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@ryanbrandenburg ryanbrandenburg

Labels
3 - Done bug
Projects
None yet
Milestone
1.0.0-rc2
Development

No branches or pull requests
3 participants
@Eilon @rynowak @ryanbrandenburg