CSRF and double posting |
06-18-2016, 11:03 PM
(This post was last modified: 06-18-2016, 11:09 PM by PaulD. Edit Reason: Added clarification )
Hi,
I have the latest CI and CSRF is enabled and working. But I noticed that if I double click really, really quickly, on the submit button, I can still post twice. In this case I am submitting to a controller that, upon success, redirects and refreshes to another controller. I thought, because the CSRF was regenerated, the second submit would not work. To prevent this, because it is annoying me now, do I have to resort to some javascript to prevent the double click? Just in case I am doing something wrong (although I am pretty sure I am not), here is my CSRF config: PHP Code: $config['csrf_protection'] = TRUE; And the form is outputting the CSRF code: Code: <form action="...my url..." method="post" accept-charset="utf-8"> Am I just tired and doing something daft? Or is the very quick double click a separate issue entirely? After all, the CSRF stops other people faking posts, not double clicks. But shouldn't the regenerated token prevent it? Thanks in advance, Paul. |
Welcome Guest, Not a member yet? Register Sign In |