| Multple CSRF token? |
(03-01-2015, 10:52 AM)spjonez Wrote: If you're using CI3 set csrf_regenerate to false, echo the name/hash into an input and send it along with each request. Regenerating the token brings almost 0 security advantage and any concurrent requests will break if you have it set to true. If a user clicks the back button and tries to resubmit a form it will break as well as the token will be stale. woow this is awesome for me  but i this way what about security? if i set it to TRUE, how my much be secure?
|
| Messages In This Thread |
|
Multple CSRF token? - by rakibtg - 02-21-2015, 04:50 AM
RE: Multple CSRF token? - by Avenirer - 02-22-2015, 01:51 PM
RE: Multple CSRF token? - by 02DClarke - 02-22-2015, 05:58 PM
RE: Multple CSRF token? - by rakibtg - 03-01-2015, 03:30 AM
RE: Multple CSRF token? - by spjonez - 03-01-2015, 10:52 AM
RE: Multple CSRF token? - by rakibtg - 03-03-2015, 11:02 AM
RE: Multple CSRF token? - by nasser.man - 04-06-2015, 12:06 PM
|
