CodeIgniter Forums

Full Version: csrf protection via ajax
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
I have 4 ajax call in a page having 4 different forms for csrf protection. But not working with ajax. Please help me out for csrf protection with more than one call of ajax in a single page.
(01-12-2018, 03:03 AM)nitin.d12 Wrote: [ -> ]I have 4 ajax call in a page having 4 different forms for csrf protection. But not working with ajax. Please help me out for csrf protection with more than one call of ajax in a single page.

Tell me if this is the situation.

You have this in config.php
PHP Code:
$config['csrf_regenerate'] = TRUE

And the four ajax calls are "POST" requests. The first request works but the rest fail.

Right?

If so, the issue is with
PHP Code:
$config['csrf_regenerate'] = TRUE

That's the right and proper thing to do but it complicates multiple ajax calls. What happens is that every time a "POST" request is made a new csrf hash is created. You will have to return the new hash and incorporate it into your next ajax call. It also means that you will have nest the ajax calls so that the next one cannot run until the current call returns.

More advice that that will require you sharing some code.