From Kyle Benson (PSEatCookies): a servlet filter to remove PS_TOKEN from the response cookie:

One option is to simply disable the PS_TOKEN, and therefore prevent this vulnerability altogether! The problem is, PeopleSoft does not give us the option to disable it. I decided to come up with a proof of concept…