[Solved] CSRF CI3 Question
#1

(This post was last modified: 06-08-2015, 07:07 AM by wolfgang1983.)

I have a question about CSRF on CodeIgniter 3.

When I submit any of my forms and get an error on the form, if I refresh or reload the page it then throws a CodeIgniter error:

Code:
The action you have requested is not allowed.

Why does that happen only on reload or refresh?

PHP Code:
$config['cookie_prefix']    = '';

$config['cookie_domain']    = '';
$config['cookie_path']      = '/';
$config['cookie_secure']    = FALSE;
$config['cookie_httponly']  = FALSE;


$config['global_xss_filtering'] = TRUE;

$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'csrf_test_name';
$config['csrf_cookie_name'] = 'csrf_cookie_name';
$config['csrf_expire'] = 7200;
$config['csrf_regenerate'] = TRUE;
$config['csrf_exclude_uris'] = array(); 

Any Suggestions?
There's only one rule - please don't tell anyone to go and read the manual.  Sometimes the manual just SUCKS!
#2

I guess that is related to the fact that you have CSRF enabled. But I think you've explained your problem wrong. This should happen only if you do a "Back/Previous" from your browser and then try to submit the same form again, or you've tried to submit a form after a long time.
#3

Set this:
Code:
$config['csrf_regenerate'] = FALSE;
Regenerating CSRF doesn't do a whole lot for security and causes more issues than it's worth.
#4

@spjonez What do you mean by "doesn't do a whole lot for security"?
#5

(06-08-2015, 06:08 AM)spjonez Wrote: Set this:

Code:
$config['csrf_regenerate'] = FALSE;
Regenerating CSRF doesn't do a whole lot for security and causes more issues than it's worth.

That seems to do the trick. Not sure why that caused the issue?
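Added example (not part of the thread and not CodeIgniter's own code): a simplified model of a double-submit cookie check, showing why replaying a POST on refresh is rejected when the token is rotated after every accepted POST. It assumes the posted `csrf_test_name` field is compared with the `csrf_cookie_name` cookie; the function names are hypothetical.

```php
<?php
// Simplified model of a double-submit CSRF check (assumption: not CodeIgniter's source).
// $cookie stands in for the browser's csrf_cookie_name cookie; $post is the
// submitted form body carrying the hidden csrf_test_name field.

function new_token(): string
{
    return bin2hex(random_bytes(16));
}

/**
 * Verify one POST and return [accepted, cookie value the response sets].
 * With $regenerate = true the token is rotated after every accepted POST.
 */
function handle_post(array $post, string $cookie, bool $regenerate): array
{
    $sent = $post['csrf_test_name'] ?? '';
    if ($sent === '' || !hash_equals($cookie, $sent)) {
        return [false, $cookie]; // "The action you have requested is not allowed."
    }
    return [true, $regenerate ? new_token() : $cookie];
}

/** Submit a form once, then replay the identical body as a browser refresh does. */
function submit_then_refresh(bool $regenerate): array
{
    $cookie = new_token();                    // set when the form page is first served
    $body   = ['csrf_test_name' => $cookie];  // hidden field rendered into that form

    [$first, $cookie]  = handle_post($body, $cookie, $regenerate);
    // Refresh: the browser re-sends the same body, but with the current cookie.
    [$second, $cookie] = handle_post($body, $cookie, $regenerate);

    return ['first' => $first, 'refresh' => $second];
}

foreach ([true, false] as $regenerate) {
    $r = submit_then_refresh($regenerate);
    printf(
        "csrf_regenerate=%s  first POST: %s  refresh: %s\n",
        $regenerate ? 'TRUE ' : 'FALSE',
        $r['first'] ? 'accepted' : 'rejected',
        $r['refresh'] ? 'accepted' : 'rejected'
    );
}
```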



