CSRF and Browser Cookie Settings
#10

(11-19-2017, 02:43 PM)skunkbad Wrote: 1) When you use the form_open function or generate a new token using $this->tokens->token(), the token is automatically added to the tokens cookie. See the "Tokens Cookie Config" section on this page:

https://community-auth.com/documentation...cation-php

By default the name of your POSTed token should be "token", but you can change it to whatever you want if you find the value in config/authentication.php:

PHP Code:
$config['token_name'] = 'token';

When you POST via a form or ajax, the token needs to be posted right along with the rest of the post data. The tokens library checks to see if the posted token matches one in the cookie. This is a lot like the way CodeIgniter's CSRF does it, except CodeIgniter only has a single token value. There are other differences between CodeIgniter's CSRF and my tokens library, but for basic usage you will find that they are more or less working the same way.

Thanks for the reply. I am going to play around with this and see if I can get things working. I changed the token name and I can see it in the hidden form element. When I check my session in the database, I do not see a token value however.
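An added illustration, not part of the posts above and not Community Auth's own code: the check described in the quoted reply, where a posted token is compared against a pool of tokens carried in a cookie rather than against a value stored in the session. The cookie name, the JSON encoding, the pool cap and the single-use behaviour are assumptions of this sketch.

```php
<?php
// Illustrative sketch only; all function names here are hypothetical.
const TOKEN_NAME  = 'token';   // same value as $config['token_name'] in the post
const COOKIE_NAME = 'tokens';  // assumed name of the tokens cookie
const MAX_TOKENS  = 5;         // assumed cap so the cookie stays small

/** Create a token and append it to the pool that goes into the cookie. */
function issue_token(array $pool): array
{
    $token  = bin2hex(random_bytes(16));
    $pool[] = $token;
    return [$token, array_slice($pool, -MAX_TOKENS)];
}

/** Decode the pool from the raw cookie value; malformed input gives an empty pool. */
function read_pool(?string $cookie): array
{
    $pool = json_decode($cookie ?? '', true);
    return is_array($pool) ? array_values(array_filter($pool, 'is_string')) : [];
}

/** Accept the POST only if its token matches one in the pool; a match is consumed. */
function check_token(array $post, array $pool): array
{
    $posted = $post[TOKEN_NAME] ?? null;
    if (!is_string($posted) || $posted === '') {
        return [false, $pool];               // token field missing from the POST
    }
    foreach ($pool as $i => $known) {
        if (hash_equals($known, $posted)) {  // constant-time comparison
            unset($pool[$i]);
            return [true, array_values($pool)];
        }
    }
    return [false, $pool];
}

// Constructed demo: two forms rendered (two tokens issued), then submitted.
[$tokenA, $pool] = issue_token([]);
[$tokenB, $pool] = issue_token($pool);
$cookie = json_encode($pool);  // the value setcookie(COOKIE_NAME, ...) would carry

[$first, $pool]  = check_token([TOKEN_NAME => $tokenA], read_pool($cookie));
[$replay, $pool] = check_token([TOKEN_NAME => $tokenA], $pool);
[$second, $pool] = check_token([TOKEN_NAME => $tokenB], $pool);
[$bare, $pool]   = check_token([], $pool);
var_dump($first, $replay, $second, $bare);
```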


Messages In This Thread
RE: CSRF and Browser Cookie Settings - by PaulD - 11-18-2017, 05:34 AM
RE: CSRF and Browser Cookie Settings - by Narf - 11-19-2017, 05:29 AM
RE: CSRF and Browser Cookie Settings - by reesethebeast - 11-19-2017, 05:06 PM


