CSRF Cookie Enhancements
#1

[eluser]oliverkalen[/eluser]
I recently switched to the CI 2.0 branch for a new project. The Cross Site Request Forgery cookie token is a very useful addition to the core, however it would be nice to have some additional configuration options, like those of the session cookie variables.

Specifically, it would be nice to be able to set the expiration time, cookie name, and the hash string (information that you wish to hash and verify like ip, useragent). Thoughts?
#2

[eluser]pickupman[/eluser]
Just extend the classes (security and session), and you can do this. It would be nice to turn this on or off based on 3rd party services using postbacks. You can't set a cookie on a remote server, and postbacks will fail.
#3

[eluser]oliverkalen[/eluser]
Quote: Just extend the classes (security and session), and you can do this.

Thanks for the quick reply. I am considering doing so. I thought it might be a nice addition to the core, and worth mentioning if others have had the same consideration.
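
An added illustration of the options discussed in this thread (not part of any post, and not CodeIgniter's own code): a stand-alone PHP example of a CSRF token with a configurable cookie name, expiry and client binding, plus a URI exemption list for third-party postbacks. All function names, config keys and sample values are assumptions.

```php
<?php
// Added example; every name and value here is hypothetical, not CodeIgniter's.
$cfg = array(
    'cookie_name' => 'my_csrf',                  // configurable cookie name
    'expire'      => 1800,                       // token lifetime in seconds
    'bind_ip'     => true,                       // bind token to client IP
    'bind_agent'  => true,                       // bind token to User-Agent
    'secret'      => 'REPLACE-WITH-RANDOM-KEY',  // placeholder HMAC key
    'exempt_uris' => array('payments/postback'), // constructed postback URI
);

// Build the string of client attributes the token is bound to.
function csrf_binding(array $cfg, array $client)
{
    $parts = array();
    if ($cfg['bind_ip'])    { $parts[] = $client['ip']; }
    if ($cfg['bind_agent']) { $parts[] = $client['agent']; }
    return implode('|', $parts);
}

// Token layout: nonce.expiry.HMAC(nonce|expiry|binding)
function csrf_issue(array $cfg, array $client, $now)
{
    $nonce   = bin2hex(random_bytes(16));
    $expires = $now + $cfg['expire'];
    $mac = hash_hmac('sha256', $nonce.'|'.$expires.'|'.csrf_binding($cfg, $client), $cfg['secret']);
    return $nonce.'.'.$expires.'.'.$mac;
}

// Exempt URIs skip the cookie check and must be authenticated some other way.
function csrf_verify(array $cfg, array $client, $uri, $cookie, $posted, $now)
{
    if (in_array($uri, $cfg['exempt_uris'], true)) { return true; }
    if (!is_string($cookie) || !is_string($posted) || !hash_equals($cookie, $posted)) { return false; }
    $p = explode('.', $cookie);
    if (count($p) !== 3 || !ctype_digit($p[1]) || (int) $p[1] < $now) { return false; }
    $mac = hash_hmac('sha256', $p[0].'|'.$p[1].'|'.csrf_binding($cfg, $client), $cfg['secret']);
    return hash_equals($mac, $p[2]);
}

// Constructed sample request data.
$client = array('ip' => '203.0.113.7', 'agent' => 'ExampleBrowser/1.0');
$other  = array('ip' => '198.51.100.9', 'agent' => 'ExampleBrowser/1.0');
$now    = time();
$token  = csrf_issue($cfg, $client, $now);
// In a real response: setcookie($cfg['cookie_name'], $token, $now + $cfg['expire']);
var_dump(csrf_verify($cfg, $client, 'account/update', $token, $token, $now));        // same client
var_dump(csrf_verify($cfg, $other, 'account/update', $token, $token, $now));         // different IP
var_dump(csrf_verify($cfg, $client, 'account/update', $token, $token, $now + 1801)); // after expiry
var_dump(csrf_verify($cfg, $client, 'payments/postback', null, null, $now));         // exempt postback
```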



