Expired session & csrf_protection - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20) +--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23) +--- Thread: Expired session & csrf_protection (/showthread.php?tid=52175) |
Expired session & csrf_protection - El Forum - 05-31-2012 [eluser]ci_user[/eluser] Does anybody know a way to show something other than a server error page when a session is expired and a form is submitted with csrf_protection enabled? Expired session & csrf_protection - El Forum - 05-31-2012 [eluser]CroNiX[/eluser] The way they coded it, the only way is to extend the CI_Security class and override the csrf_show_error() method with your own. Expired session & csrf_protection - El Forum - 06-01-2012 [eluser]ci_user[/eluser] [quote author="CroNiX" date="1338495649"]The way they coded it, the only way is to extend the CI_Security class and override the csrf_show_error() method with your own.[/quote] Ok, I'm trying that but how can I redirect in the csrf_show_error method? Code: public function csrf_show_error() Code: public function csrf_show_error() Am I missing something? Expired session & csrf_protection - El Forum - 06-01-2012 [eluser]CroNiX[/eluser] Yeah, CI isn't fully loaded at that point, so that helper function (or the loader class) isn't available yet. Just set a real header() using regular php. Expired session & csrf_protection - El Forum - 06-01-2012 [eluser]ci_user[/eluser] I did consider that, but when I try that it appears to bypass csrf protection all together. Code: public function csrf_show_error() This code doesn't redirect the page but allows the form to submit without a valid session. I did find a kind of hacky way to make it work: Code: public function csrf_show_error() [removed] = script tags. Surely there is a better way? |