CSRF cookie name = token name!
#3

arbme666
I posted it in the Bug Tracker and got a reply with...

Quote: No, the token name is used for the cookie, this merely ensures that the application cookie prefix setting is being observed.

I still think it is wrong, as what is the point in having $config['csrf_cookie_name'] in config.php if it is overwritten by $config['csrf_token_name'] later in Security.php?

The comment for it reads that it should be the token name that is appended, not the cookie name.

Code:
// Append application specific cookie prefix to token name
$this->csrf_cookie_name = (config_item('cookie_prefix')) ? config_item('cookie_prefix').$this->csrf_token_name : $this->csrf_token_name;

Edit the Security.php file like above if you want to use $config['csrf_cookie_name'] as the actual name of the CSRF cookie.

Thanks




