CSRF
#1

(This post was last modified: 02-29-2024, 10:16 PM by kenjis.)

When $config['csrf_protection'] = TRUE,
if I search the site via a search form, click on a search result and then click on the browser back button,
the browser says: "Webpage has expired"

$config['csrf_regenerate'] = FALSE!

If I set $config['csrf_protection'] to TRUE it solves the problem, but obviously this is not a good idea...
Reply
#2

How did you create the form? With form_open()?
Reply
#3

How do I solve it? It still shows in the page view source.....
Reply
#4

(07-27-2015, 01:54 AM)Avenirer Wrote: how did you create the form? with form_open()?

Yes
Reply
#5

Set csrf_regenerate to false, otherwise the token stored in your page will be invalid when they click back. http://security.stackexchange.com/questi...rm-request (see first reply).
Reply
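
An added illustration of the behaviour described in post #5, not part of the thread and not CodeIgniter's own code: a simplified PHP model of a cookie-backed CSRF token check showing what happens to a page held in browser history when the token is rotated after each accepted POST. The class `CsrfModel` and the function `backButtonResubmit` are hypothetical names.

```php
<?php
// Simplified model of a cookie-backed CSRF check (hidden field must match cookie).
// Assumption: this is NOT CodeIgniter's Security class; all names are hypothetical.
final class CsrfModel
{
    private ?string $cookie = null;   // token the browser currently holds in its cookie

    public function __construct(private bool $regenerate) {}

    // Render a form: reuse the cookie token if present, otherwise mint one.
    public function renderForm(): string
    {
        $this->cookie ??= bin2hex(random_bytes(16));
        return $this->cookie;         // value embedded in the page's hidden field
    }

    // Handle a POST carrying the hidden-field token from some rendered page.
    public function submit(string $fieldToken): bool
    {
        if ($this->cookie === null || !hash_equals($this->cookie, $fieldToken)) {
            return false;             // request rejected: field and cookie disagree
        }
        if ($this->regenerate) {
            $this->cookie = bin2hex(random_bytes(16)); // rotate after each accepted POST
        }
        return true;
    }
}

// Scenario: submit the form, navigate away, press Back, resubmit the cached page.
function backButtonResubmit(bool $regenerate): array
{
    $app = new CsrfModel($regenerate);
    $cachedPageToken = $app->renderForm();     // this page now sits in browser history
    $first  = $app->submit($cachedPageToken);  // normal submission
    $second = $app->submit($cachedPageToken);  // after Back: same hidden field is resent
    return [$first, $second];
}

foreach ([true, false] as $regen) {
    [$first, $second] = backButtonResubmit($regen);
    printf("csrf_regenerate=%s first=%s after_back=%s\n",
        $regen ? 'TRUE' : 'FALSE',
        $first ? 'accepted' : 'rejected',
        $second ? 'accepted' : 'rejected');
}
```

With regeneration off, the same token stays valid for as long as the cookie lives, which is the trade-off for keeping cached pages submittable.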
#6

I am working on an old project in CI3.
Added a form and enabled CSRF protection.
For Chrome and Firefox, the form gets submitted and it’s working well. But for Safari
it’s showing “The action you have requested is not allowed.”
I set $config['csrf_regenerate'] = FALSE;

Safari generates a new token every time I refresh the page.

3rd party cookies are also enabled in the settings.

Any idea?

Thanks!
Reply