Merge branch 'v4.2'

author: Andrew Arnott <andrewarnott@gmail.com> 2012-12-26 08:05:32 -0800
committer: Andrew Arnott <andrewarnott@gmail.com> 2012-12-26 08:05:32 -0800
commit: 3787e3dac06df104a8fbe4b2c2df02abadd63d74 (patch)
tree: a216be8fe66ba273c508a3b3f77e1e49a2557a50 /src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs
parent: 162f450a2cfb861ca5fcb36410625a7b3326494e (diff)
parent: 06fdacd94eb1a337b6822680336317357885ab48 (diff)
download: DotNetOpenAuth-3787e3dac06df104a8fbe4b2c2df02abadd63d74.zip
DotNetOpenAuth-3787e3dac06df104a8fbe4b2c2df02abadd63d74.tar.gz
DotNetOpenAuth-3787e3dac06df104a8fbe4b2c2df02abadd63d74.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs
index 4fc8687..1fdd372 100644
--- a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs
+++ b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs
@@ -113,7 +113,7 @@ namespace DotNetOpenAuth.OAuth2 {
 			if (this.AuthorizationTracker == null) {
 				var context = this.Channel.GetHttpContext();
 
-				string xsrfKey = (new Random()).Next().ToString(CultureInfo.InvariantCulture);
+				string xsrfKey = MessagingUtilities.GetNonCryptoRandomDataAsBase64(16);
 				cookie = new HttpCookie(XsrfCookieName, xsrfKey) {
 					HttpOnly = true,
 					Secure = FormsAuthentication.RequireSSL,
author	Andrew Arnott <andrewarnott@gmail.com>	2012-12-26 08:05:32 -0800
committer	Andrew Arnott <andrewarnott@gmail.com>	2012-12-26 08:05:32 -0800
commit	3787e3dac06df104a8fbe4b2c2df02abadd63d74 (patch)
tree	a216be8fe66ba273c508a3b3f77e1e49a2557a50 /src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs
parent	162f450a2cfb861ca5fcb36410625a7b3326494e (diff)
parent	06fdacd94eb1a337b6822680336317357885ab48 (diff)
download	DotNetOpenAuth-3787e3dac06df104a8fbe4b2c2df02abadd63d74.zip DotNetOpenAuth-3787e3dac06df104a8fbe4b2c2df02abadd63d74.tar.gz DotNetOpenAuth-3787e3dac06df104a8fbe4b2c2df02abadd63d74.tar.bz2