I have an asp.net mvc 2 project with the typical xss protection
<%=Html.AntiForgeryToken() %> inside each form and [ValidateAntiForgeryToken] on each Post action.
This works as expected in Chrome, Firefox and IE.
But I get the following error in Safari (v 5.1.7).
System.Web.Mvc.HttpAntiForgeryException: A required anti-forgery token was not supplied or was invalid.
I see the reason for the exception is the RequestValidationToken cookie that is created has an incorrect expiration date of Mon, 01 Jan 2001, while in the other browsers is is correctly set to Session.
How can I make Safari stop assigning a bogus expiration date to my Anti-Forgery cookie?
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 做自己的国王 的文章《A required anti-forgery token was not supplied or 》','https://www.manongdao.com/article-777314.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}