CI4 csrf_field not generate same value as csrf_hash |
I'm trying to implement csrf validation in my form.
based on my understanding, we just compare the csrf hash from view/post with the csrf in backend/controller.
so, i tried to use
Code: <?= csrf_field() ?> Code: if ($this->request->getPost(csrf_token()) === csrf_hash()) { result: the hash value is different.
but it wont be an issue if i use
Code: csrf_token() and csrf_hash() how to solve this or do the validation bt using the csrf_field? as per documentation, it only stated the way we can retrieve the value with the same exact thing that I've done.
fyi, I'm not using Code: form_open()
You need to store the value in a cookie or session to match it against the post.
Take a look at the CSRFVerify() function in system/Security/Security works.
Have you looked at the Security Class documentation? The functionality to use CSRF is already builtin.
|
Welcome Guest, Not a member yet? Register Sign In |