I'm trying to validate the CSRF cookie against the CSRF token name when processing a form.
I'm using form_open(); and can see the hidden CSRF input field but can't access it...
$this->input->post($this->security->get_csrf_token_name()) is always empty. Why?
I'm clearly sending the variable as seen by $this->input->raw_input_stream;
Any ideas why I can't access if via POST directly?
This doesn't work:
PHP Code:
if($this->input->post($this->security->get_csrf_token_name(), TRUE) == get_cookie($this->config->item('csrf_cookie_name') , TRUE) ) {
}
I'm doing this below instead, and it's working fine, but really curious why the above version doesn't work
PHP Code:
if($this->security->get_csrf_hash() == get_cookie($this->config->item('csrf_cookie_name') , TRUE) ) {
}
Thanks!