On Wed, 2010-09-01 at 10:14 -0400, Paul W. Frields wrote:
Yay, now I can perform a CSRF attack on you if you still have that
browser session open. Symfony shouldn't be putting the token in the URL
where it will get accidentally bookmarked or shared. I may file a bug.
--
Matt