Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming Why does CSRF cookie name = token name?
Why does CSRF cookie name = token name?
  • El Forum
    Guest
  •  
#1
02-04-2011, 02:06 PM

[eluser]arbme666[/eluser]
Hi,

I am just wondering why the cookie name is the same as I set for $config['csrf_token_name']. My config file looks like this.

Code:
$config['csrf_token_name'] = 'csrf_test_name';
$config['csrf_cookie_name'] = 'csrf_cookie_name';

So I thought the name of the cookie would be 'csrf_cookie_name' but its 'csrf_test_name' or am I being stupied & missing something?

Thanks
  • El Forum
    Guest
  •  
#2
02-04-2011, 02:26 PM

[eluser]arbme666[/eluser]
Ok I found this is Security.php in __construct()

Code:
// Append application specific cookie prefix to token name
$this->csrf_cookie_name = (config_item('cookie_prefix')) ? config_item('cookie_prefix').$this->csrf_token_name : $this->csrf_token_name;

Should it not be...

Code:
// Append application specific cookie prefix to token name
$this->csrf_token_name = (config_item('cookie_prefix')) ? config_item('cookie_prefix').$this->csrf_token_name : $this->csrf_token_name;

Thanks




Theme © iAndrew 2016 - Forum software by © MyBB