(11-19-2017, 02:43 PM)skunkbad Wrote: 1) When you use the form_open function or generate a new token using $this->tokens->token(), the token is automatically added to the tokens cookie. See the "Tokens Cookie Config" section on this page:
https://community-auth.com/documentation...cation-php
By default the name of your POSTed token should be "token", but you can change it to any whatever you want if you find the value in config/authentication.php:
PHP Code:
$config['token_name'] = 'token';
When you POST via a form or ajax, the token needs to be posted right along with the rest of the post data. The tokens library checks to see if the posted token matches one in the cookie. ThisĀ is a lot like the way CodeIgniter's CSRF does it, except CodeIgniter only has a single token value. There are other differences between CodeIgniter's CSRF and my tokens library, but for basic usage you will find that they are more or less working the same way.
Thanks for the reply. I am going to play around with this and see if I can get things working. I changed the token name and I can see it in the hidden form element. When I check my session in the database, I do not see a token value however.
