Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Using CodeIgniter General Help CSRF and double posting
CSRF and double posting
  • Offline PaulD
    Posting Freak
  • *****
  • Posts: 1,061
    Threads: 42
    Joined: Mar 2015
    Reputation: 73
#4
06-19-2016, 01:00 AM

Sorry to double post.

It seems that the reset is done immediately after a check, so it cannot be because of that. So why does the second post after a double click succeed?

PHP Code:
security.php ~L226...
        // Do the tokens exist in both the _POST and _COOKIE arrays?
        if ( ! isset($_POST[$this->_csrf_token_name], $_COOKIE[$this->_csrf_cookie_name])
            OR $_POST[$this->_csrf_token_name] !== $_COOKIE[$this->_csrf_cookie_name]) // Do the tokens match?
        {
            $this->csrf_show_error();
        }

        // We kill this since we're done and we don't want to polute the _POST array
        unset($_POST[$this->_csrf_token_name]);

        // Regenerate on every submission?
        if (config_item('csrf_regenerate'))
        {
            // Nothing should last forever
            unset($_COOKIE[$this->_csrf_cookie_name]);
            $this->_csrf_hash NULL;
        } 

I didn't think it would be a CI issue. I must be doing something daft.

Maybe I should come back to this later Sad
Reply


Messages In This Thread
CSRF and double posting - by PaulD - 06-18-2016, 11:03 PM
RE: CSRF and double posting - by skunkbad - 06-19-2016, 12:05 AM
RE: CSRF and double posting - by John_Betong - 06-20-2016, 09:25 PM
RE: CSRF and double posting - by skunkbad - 06-20-2016, 10:55 PM
RE: CSRF and double posting - by PaulD - 06-19-2016, 12:43 AM
RE: CSRF and double posting - by PaulD - 06-19-2016, 01:00 AM
RE: CSRF and double posting - by PaulD - 06-19-2016, 03:19 AM
RE: CSRF and double posting - by skunkbad - 06-19-2016, 09:30 AM
RE: CSRF and double posting - by PaulD - 06-19-2016, 03:06 PM
RE: CSRF and double posting - by skunkbad - 06-19-2016, 03:35 PM
RE: CSRF and double posting - by PaulD - 06-19-2016, 05:59 PM
RE: CSRF and double posting - by spjonez - 06-20-2016, 11:18 AM
RE: CSRF and double posting - by Narf - 06-20-2016, 12:26 PM
RE: CSRF and double posting - by spjonez - 06-20-2016, 12:37 PM
RE: CSRF and double posting - by Narf - 06-20-2016, 01:49 PM
RE: CSRF and double posting - by spjonez - 06-20-2016, 02:32 PM
RE: CSRF and double posting - by PaulD - 06-20-2016, 01:46 PM
RE: CSRF and double posting - by PaulD - 06-20-2016, 04:02 PM
RE: CSRF and double posting - by spjonez - 06-20-2016, 07:00 PM
RE: CSRF and double posting - by Narf - 06-21-2016, 03:38 AM
RE: CSRF and double posting - by spjonez - 06-21-2016, 08:54 AM
RE: CSRF and double posting - by Narf - 06-22-2016, 05:14 AM
RE: CSRF and double posting - by Martin7483 - 06-23-2016, 03:35 AM



Theme © iAndrew 2016 - Forum software by © MyBB