Session expired problem
#1

Ion_auth 3 / CI 3.1.9 / PHP7.1.7

If my site is showing one of its forms and I wait to submit it until the session has expired, I get this error:

**An Error Was Encountered The action you have requested is not allowed.**

I am expecting to be logged out instead of having this error.
I use CSRF protection, but my forms are working properly if they are submitted before the session has expired.
Also, I use form_open() to ensure that CSRF protection is working properly.

config.php:

Code:
$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'csrf_sitecom_name';
$config['csrf_cookie_name'] = 'csrf_sitecom_cookie';
$config['csrf_expire'] = 7200;
 
ion_auth.php:
Code:
$config['remember_users']             = TRUE;                // Allow users to be remembered and enable auto-login
$config['user_expire']                = 86500;               // How long to remember the user (seconds). Set to zero for no expiration - see sess_expiration in CodeIgniter Session Config for session expiration
$config['user_extend_on_login']       = FALSE;  
#2

That is the usual message for a CSRF verification failure. Per your settings, the CSRF cookie expires after 7200 seconds (2 hours). You may well be logged out, but CSRF is checked before any other processing happens and once the fail is caught execution of the script ends.
#3

(05-08-2019, 08:32 AM)dave friend Wrote: That is the usual message for a CSRF verification failure. Per your settings, the CSRF cookie expires after 7200 seconds (2 hours). You may well be logged out, but CSRF is checked before any other processing happens and once the fail is caught execution of the script ends.
Thanks, Dave, your answer led me to this article:
http://www.johnkieken.com/how-to-handle-...left-open/
I will check it out, it seems that it is possible to redirect to the login page which is good enough for me.
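One way to get the redirect this thread settles on, shown as an added example that is not code from the posts above, the linked article, or CodeIgniter itself. In CodeIgniter 3 the CSRF failure page comes from `CI_Security::csrf_show_error()`, which can be overridden in `application/core/MY_Security.php`; the `auth/login` path and the `reason=expired` query parameter are assumptions.

```php
<?php
// application/core/MY_Security.php
// Added example; assumes the default 'MY_' subclass_prefix in config.php.
defined('BASEPATH') OR exit('No direct script access allowed');

class MY_Security extends CI_Security
{
    // Assumption: the Ion Auth login form is routed at auth/login.
    const LOGIN_PATH = 'auth/login';

    /**
     * Called by CI_Security::csrf_verify() when the posted token is missing
     * or does not match the CSRF cookie, for example after the cookie
     * lifetime set by csrf_expire has lapsed. The stock method calls
     * show_error() with a 403; this one drops the request and redirects.
     */
    public function csrf_show_error()
    {
        // Log the failure so genuine forgery attempts stay visible among
        // expired-form submissions. Non-printable bytes are replaced so a
        // crafted URI cannot break the log line.
        $ip  = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '-';
        $uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '-';
        $uri = preg_replace('/[^\x20-\x7E]/', '?', $uri);
        log_message('error', 'CSRF check failed: ip=' . $ip . ' uri=' . $uri);

        // The CSRF check runs while the core classes are loading: there is
        // no controller, session or URL helper yet, so the target is built
        // from config_item() instead of redirect() or site_url().
        $parts = array_filter(array(
            rtrim((string) config_item('base_url'), '/'),
            trim((string) config_item('index_page'), '/'),
            self::LOGIN_PATH,
        ), 'strlen');
        $target = implode('/', $parts) . '?reason=expired';

        // 303 makes the browser follow up with a GET; the rejected POST
        // body is never processed or replayed.
        header('Location: ' . $target, TRUE, 303);
        exit;
    }
}
```

The rejected submission is still discarded, so CSRF protection is unchanged; only the response differs, and the login page can use the query parameter to tell the user the form expired.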



