CSRF Problem
#5

Igor Couto
I have just cloned the latest stable branch ('2.1-stable') of CI directly from GitHub, then set up MAMP to serve the site.
I opened 'application/config/database.php' and entered my db credentials, then opened 'application/config/config.php' and entered basic setup settings. These were:

* set basepath
* set encryption key
* turn global XSS protection ON
* turn CSRF protection ON
* set cookie variables and turn cookie encryption ON

I then proceeded to do the introductory tutorial, from the User Guide. When I reach the 'Create news item' section, however, I get the same error, without fail: "the action you have requested is not allowed".

After much googling, I found similar reports that suggested trying to play with the COOKIE VARIABLE settings in config.php. I discovered that in my case it was the 'cookie_prefix' that was the culprit. If $config['cookie_prefix'] is set to anything but empty, it triggers the error. As soon as I change it back to empty, it all works - encryption, CSRF, everything.

This may not be the *only* issue involved in this problem, considering that others have already pointed out problems with the session library, etc. - but it seems to work in my setup. I hope this may help core programmers and contributors pinpoint what the issue is! :-)




