wrong csrf cookie name? - CodeIgniter Forums (https://forum.codeigniter.com)
wrong csrf cookie name? - El Forum - 04-20-2011
coolgeek:

I'm setting my csrf cookie and token in config.php as follows:

Code:
$config['csrf_token_name'] = 'csrf_token';

On my dev site, everything works fine. When I view the cookies on my prod site, the cookie is named ci_csrf_token. Why isn't it named csrf_token?

Other cookie config (with domain name changed, but structurally representative).

Code:
$config['cookie_prefix'] = "";

Thanks

wrong csrf cookie name? - El Forum - 04-29-2011
Unknown:

I've had the same problem. When I checked the core "Security" class I noticed it never uses those two config values. In the constructor the cookie prefix is added but it doesn't use the "csrf_token_name" and "csrf_cookie_name" config values.

I added the following two lines to the constructor to solve this:

Code:
$this->_csrf_token_name = config_item('csrf_token_name');
$this->_csrf_cookie_name = config_item('csrf_cookie_name');

But this seems to be a bug, no?

wrong csrf cookie name? - El Forum - 04-29-2011
coolgeek:

Yes, thanks. It's a known bug. The problem was that I had rolled back to 2.0.1 in my dev environment, but had not yet done so in my prod environment (which isn't actually in production yet).
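
A deployment check for the dev/prod drift described in this thread, as an added example that is not part of the original posts and not CodeIgniter's own code: it compares the CSRF cookie name a response actually sets with the name the config asks for. The `csrf_cookie_name` value, the function names and the sample response headers are assumptions constructed for illustration.

```php
<?php
// Added example, not CodeIgniter code. Config keys mirror the thread;
// the response headers further down are constructed sample data.

/** Extract cookie names from raw response header lines. */
function cookie_names(array $headers): array
{
    $names = [];
    foreach ($headers as $line) {
        // Header names are case-insensitive; the cookie name precedes the first "=".
        if (preg_match('/^Set-Cookie:\s*([^=;\s]+)=/i', $line, $m)) {
            $names[] = $m[1];
        }
    }
    return $names;
}

/**
 * Compare the CSRF cookie a site emits with the name its config asks for.
 * Returns 'ok', 'config-ignored' (a differently named CSRF cookie is set),
 * or 'missing' (no CSRF cookie at all, so protection may be switched off).
 */
function check_csrf_cookie(array $config, array $headers): string
{
    // Per the thread, the cookie prefix is prepended to the cookie name.
    $expected = $config['cookie_prefix'] . $config['csrf_cookie_name'];
    $names = cookie_names($headers);
    if (in_array($expected, $names, true)) {
        return 'ok';
    }
    foreach ($names as $name) {
        if (stripos($name, 'csrf') !== false) {
            return 'config-ignored';
        }
    }
    return 'missing';
}

// csrf_cookie_name is assumed to match the cookie name the poster expected.
$config = ['cookie_prefix' => '', 'csrf_cookie_name' => 'csrf_token'];

// Constructed responses: one honouring the config, one using the name seen on prod.
$dev  = ['HTTP/1.1 200 OK', 'Set-Cookie: csrf_token=constructed-value-1; path=/'];
$prod = ['HTTP/1.1 200 OK', 'set-cookie: ci_csrf_token=constructed-value-2; path=/'];

echo 'dev:  ', check_csrf_cookie($config, $dev), PHP_EOL;   // ok
echo 'prod: ', check_csrf_cookie($config, $prod), PHP_EOL;  // config-ignored
```

Run against headers captured from each environment, a `config-ignored` result points to a framework version mismatch like the one in this thread rather than a config typo.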