+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: General Help (https://forum.codeigniter.com/forumdisplay.php?fid=24)
+--- Thread: CSRF error on login (/showthread.php?tid=70885)
Pages:
1
2
RE: CSRF error on login - mfox - 06-14-2018
Interesting news on this: I increased the logging level to 4 (everything), and that didn't help much (apart from "CSRF cookie sent" there was no useful info there. But along the way, I accidentally found out that if I try to login, hit the error, go to the login screen again and logged in, it worked! I then repeated the process two more times on Edge, and once o IE.
I'm not sure what this means yet, but now I'm definitely convinced it's browser-related. It almost sounds like Edge and IE are caching the CSRF tokens from a previous login or something. Any ideas?
RE: CSRF error on login - InsiteFX - 06-14-2018
Did you use the Developer tools F12 and check the console and network tabs?
It should show you whats going on.
RE: CSRF error on login - mfox - 06-14-2018
Well as I said before, I tried the network tab, and the only new info I got was the response code (403 Forbidden), and that doesn't really help much (I never explicitly set that header in my code, so again the code that causes this seems to come from CI itself). I did not check the JavaScript console, because there is no JavaScript on the page. I did check to make sure that the hidden input field with the CSRF token was there (it was) but it's just a simple HTML form (no AJAX calls or anything that would print to the JS console).
RE: CSRF error on login - php_rocs - 06-14-2018
@mfox,
Have you tried regenerating the CSRF for every submission.
Changing the config parameter... $config['csrf_regenerate'] = TRUE;