[Solved] Any thing better than CSRF
(12-17-2016, 02:30 AM)Diederik Wrote: I remember I ran into such an issue a while ago. Turned out I made some mistake where it ran form / csrf validation twice. So the first check regenerated the csrf key so the second pass would always return false... Perhaps you could try finding such a case in your code. To trace this case I put some debug echo code in the core form validation/csrf files.

Hello, I have found this which redirects back to page instead of showing CSRF error. Is that safe? Found here https://github.com/benedmunds/CodeIgnite...t-60716698

PHP Code: <?php
There's only one rule - please don't tell anyone to go and read the manual. Sometimes the manual just SUCKS!
Can you verify that the CSRF cookies are set at all in your browser? If they don't exist it could be that you have enabled secure cookies in your config file and use an unsecured connection. With this setting cookies only get placed if you use a secure connection (https://).

Code: $config['cookie_secure'] = FALSE;

*edit: I missed you posted your config file.

And please turn on your log to see what is happening. By default it gives you some details on when CSRF cookies are placed and verified. If you need more information to debug your issue properly then extend the class and alter some functions and add more logging statements in the code.

PHP Code: <?php
I think I have found a solution now.

I don't get CSRF error now when I use form helper functions like example

PHP Code: <?php echo form_open_multipart('controller/function'); ?>

If I have input like below then the CSRF error will show

PHP Code: <?php echo form_open_multipart('controller/function'); ?>

So I think it's best to use all form helper functions. I can now use $config['csrf_regenerate'] = TRUE; without error showing and not extending Security

PHP Code: $config['csrf_protection'] = TRUE;
There's only one rule - please don't tell anyone to go and read the manual. Sometimes the manual just SUCKS!
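
The two failure modes raised in this thread (validation running twice while the token regenerates, and a form submitted without the hidden token field) can be reproduced in a stand-alone model. This is an added example, not code from any poster or from CodeIgniter's Security class; `CsrfModel`, `verifyOnce()` and the field name `csrf_token` are hypothetical.

```php
<?php
// Added illustration only: a stand-alone model of a regenerating CSRF
// token. CsrfModel and its method names are hypothetical.
final class CsrfModel
{
    private string $token;
    private ?bool $cached = null;   // result of this request's single check

    public function __construct()
    {
        $this->token = bin2hex(random_bytes(16));
    }

    // Hidden field a form must carry; a hand-written form that omits it
    // submits no token at all.
    public function hiddenField(string $name = 'csrf_token'): string
    {
        return sprintf('<input type="hidden" name="%s" value="%s">', $name, $this->token);
    }

    // One verification pass: constant-time compare, then rotate the token.
    public function verify(?string $submitted): bool
    {
        if ($submitted === null || !hash_equals($this->token, $submitted)) {
            return false;
        }
        $this->token = bin2hex(random_bytes(16));   // regenerate on success
        return true;
    }

    // Guard against double validation: verify at most once per request.
    public function verifyOnce(?string $submitted): bool
    {
        return $this->cached ??= $this->verify($submitted);
    }
}

// Constructed request: read the token back out of the rendered field.
$model = new CsrfModel();
preg_match('/value="([0-9a-f]+)"/', $model->hiddenField(), $m);
$first  = $model->verify($m[1]);    // token matches, then rotates
$second = $model->verify($m[1]);    // same request, token is now stale
printf("double check: %s then %s\n", var_export($first, true), var_export($second, true));

$guarded = new CsrfModel();
preg_match('/value="([0-9a-f]+)"/', $guarded->hiddenField(), $m);
$a = $guarded->verifyOnce($m[1]);
$b = $guarded->verifyOnce($m[1]);   // reuses the cached result
$missing = (new CsrfModel())->verify(null);   // form without the hidden field
printf("guarded: %s then %s, missing field: %s\n", var_export($a, true), var_export($b, true), var_export($missing, true));
```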