CSRF and disabled cookies
#1

[eluser]Treeda[/eluser]
Hi there,

I'm currently facing an issue if you have CSRF enabled but the user has cookies disabled.

The problem is that you cannot react to that. The security class is grabbing and verifying before you even have the chance to do anything in your controller.

It's very bad to show an error message to the user like
"The action you have requested is not allowed."

It should be more like "hey, you need cookies enabled".

This could be done very easily with some kind of a callback to the controllers.
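
One way to get the friendlier message without a controller callback, shown as an added example that is not part of the original post or the framework's own code. It assumes the framework is CodeIgniter 2.x or later, where the Security class reports every CSRF failure through `csrf_show_error()` and core classes can be extended with the default `MY_` prefix.

```php
<?php
// application/core/MY_Security.php  (added example, not CodeIgniter's own code)
// Assumes CodeIgniter 2.x+: CI_Security::csrf_verify() calls csrf_show_error()
// on every failure, and subclass_prefix is left at its default "MY_".
if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class MY_Security extends CI_Security
{
    /**
     * Called by csrf_verify() when the POSTed token is missing or does not
     * match the cookie. The request is rejected in both branches; only the
     * message shown to the user differs.
     */
    public function csrf_show_error()
    {
        // CI_Security prepends cookie_prefix to csrf_cookie_name the same way.
        $cookie_name = config_item('cookie_prefix') . config_item('csrf_cookie_name');

        if ( ! isset($_COOKIE[$cookie_name]))
        {
            // No CSRF cookie came back: cookies are disabled or blocked, or
            // the cookie expired (csrf_expire) while the form was open.
            show_error(
                'This form needs cookies. Please enable cookies for this site, '
                . 'reload the page and submit the form again.',
                403
            );
        }

        // Cookie present but the token is absent or different: keep the
        // generic message so nothing about the expected token is disclosed.
        show_error('The action you have requested is not allowed.', 403);
    }
}
```

The CSRF check itself is unchanged; a request without a valid token still never reaches the controller.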




