CodeIgniter v4.5.0 Released!

Why the env file has been changed after CI V4.5?

In before CI version ( < v4.5) env file contains 

• Session
  
• Cookie
  
• HoneyPot
  
• And etc..
  

But the current version of env file dosen't have these, why?

Can i use the previuos env file to the CI v4.5 ?

> Can i use the previuos env file to the CI v4.5 ?

Don't worry. There is no change. Yes, you can.

First of all, we should use .env only to values that are changed in development environment.
If the values are the same in both production and development environment,
we should set the values in Config classes.

Therefore, we don't need many config items in .env file.

Also parsing .env file by PHP takes time. So it is better to have small .env file.

ci-phpunit-test | CodeIgniter Testing Guide | CodeIgniter 3 to 4 Upgrade Helper

@warcooft If you use Shield, use v4.4.8. It does not work with 4.5.0 yet.

Hi ... when do you anticipate Shield will be compatible with 4.5?

@Showti11 When it is ready.

You can use develop branch while wait for new release https://codeigniter.com/user_guide/insta...latest-dev
and help us give more feedback in case of any regression.

ci-phpunit-test | CodeIgniter Testing Guide | CodeIgniter 3 to 4 Upgrade Helper

In HTML, the csrf takes token name from Config\Security.php

PHP Code:

<form action="http://localhost:8080/search" id="search-form" method="post" accept-charset="utf-8">
<input type="hidden" name="csrf_test_name" value="15910e74e94cb29c0fbefec3f5c0c7d2"> 


But in Cookie section (browser), the csrf takes cookie name from Config\Security.php

=> csrf_cookie_name
=> 15910e74e94cb29c0fbefec3f5c0c7d2

Is it ok to use?

Thank you in advance @kenjis for the past replies

@LP_bnss I don't get what you want to know.
$tokenName is CSRF Token Name. That is, the POST field name.
$cookieName is CSRF Cookie Name. The name for the cookie.

But if you are using Session, you should use Session based CSRF protection.
https://codeigniter4.github.io/CodeIgnit...on-methods
Because Session based CSRF protection is more secure than Cookie based CSRF protection.

ci-phpunit-test | CodeIgniter Testing Guide | CodeIgniter 3 to 4 Upgrade Helper

@LP_bnss I don't get what you want to know.
$tokenName is CSRF Token Name. That is, the POST field name.
$cookieName is CSRF Cookie Name. The name for the cookie.

But if you are using Session, you should use Session based CSRF protection.
https://codeigniter4.github.io/CodeIgnit...on-methods
Because Session based CSRF protection is more secure than Cookie based CSRF protection.

My point is, when i run the app the csrf_field in html form takes the $tokenName from Security class.
And the csrf_field in browser cookie section takes the $cookieName from Security class.

Both names are different and the values are same, so my question is, if i use this way (different names) it makes any problem or not.

Now I can understand. I am using session based csrf onwards...
Thank you brother?

Both names are different and the values are same, so my question is, if i use this way (different names) it makes any problem or not.

No problem.

ci-phpunit-test | CodeIgniter Testing Guide | CodeIgniter 3 to 4 Upgrade Helper

I'm using CI 4.4.4 and was about to update to 4.5.1

i'm use to duckduckGo -> codeigniter 4 and in results use https://codeigniter.com/user_guide/insta...ading.html
but did not found 4.5.1 in the list.
The codeigniter.com site is not in sync with https://codeigniter4.github.io/userguide...ading.html ?

if this is a known probleme please forgive me

@eelisland It is a known problem.

Note: Unfortunately now the User Guide on the official site is not yet updated due to the deployment trouble.

https://github.com/codeigniter4/CodeIgni...ssues/8757

ci-phpunit-test | CodeIgniter Testing Guide | CodeIgniter 3 to 4 Upgrade Helper