Generate CSRF token during Exceptions handling

My website heavily uses Ajax POST requests. To make use of the built-in CI CSRF protection, I include the current CSRF token in the request parameters and return a new token in every (successful) Ajax response. Works fine, all good.

However, I have difficulties returning the new CSRF token in error cases, i.e. 404 file not found or 500 server error. As I had already extended the CI core Exceptions class to overload show_error() (to return an error message in JSON style in case the request is an Ajax request), my idea was to include a new CSRF token in this response as well.

Problem: the Security class to generate the new CSRF token ($this->security->get_csrf_hash();) has not been instantiated yet :-( Also even the Controller may not be available yet, so that "$CI =& get_instance();" errors out as well.
Obviously I also don't want to create a completely new security instance (as this would generate a new CSRF token incompatible with the original instance), but I need to access my existing session's security instance. How can I achieve that?

P.S.: I know that I can switch off CSRF token regeneration, but this only works around the symptom and comes with lower security.

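One way to reach the existing Security object from an overloaded show_error() without get_instance(), as an added example that is not part of the original post. It assumes CodeIgniter 3, where load_class() caches one object per core class; the file location, the is_ajax_request() helper and the JSON field names are hypothetical.

```php
<?php
// application/core/MY_Exceptions.php (assumed location for a CI 3 core extension)
defined('BASEPATH') OR exit('No direct script access allowed');

class MY_Exceptions extends CI_Exceptions
{
    public function show_error($heading, $message, $template = 'error_general', $status_code = 500)
    {
        // Non-Ajax requests keep the stock HTML error page.
        if ( ! $this->is_ajax_request()) {
            return parent::show_error($heading, $message, $template, $status_code);
        }

        $payload = array(
            'error'   => TRUE,
            'heading' => $heading,
            'message' => is_array($message) ? implode("\n", $message) : $message,
        );

        // load_class() keeps a single object per core class, so this returns
        // the same CI_Security instance the bootstrap uses (or creates the one
        // the bootstrap will reuse). No controller has to exist yet.
        if (config_item('csrf_protection') === TRUE) {
            $security = load_class('Security', 'core');
            $payload['csrf'] = array(
                'name' => $security->get_csrf_token_name(),
                'hash' => $security->get_csrf_hash(),
            );
        }

        set_status_header($status_code);
        header('Content-Type: application/json; charset=utf-8');
        // Token-bearing responses should not be stored by caches.
        header('Cache-Control: no-store');

        // Like the parent method, return the body; the caller echoes it and exits.
        return json_encode($payload);
    }

    // Hypothetical helper: CI_Input may not be loaded yet, so read the header directly.
    private function is_ajax_request()
    {
        return isset($_SERVER['HTTP_X_REQUESTED_WITH'])
            && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest';
    }
}
```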