when csrf is true only works in firefox and not in other browser

Javier Fonseca
Quote:Did you try to avoid special characters:

'Contraseña' => md5($this->input->post('password')), // ñ -> n
Maybe that causes the error?

That's the name of the database field.

This is kinda magic, I've been hunting this problem for 2 hours too....

I was only testing in FF and now realized I'm getting these weird errors in others... having the exact same problem as the initial poster.

I checked that the csrf token is in the form and that it gets transmitted, but I'm getting "invalid".

Well, it seems I need to dive in to debug this myself... but first I will try that cookie underscore trick....

OK, now I'm confused....

I'm still debugging but it seems that all other browsers are not storing the cookies.

Currently testing with Firefox and Chrome.

Stupid little test...

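public function index(){
        // test cookie; 'secure' => TRUE means the browser returns it over HTTPS only
        $cookie = array(
            'name'   => 'sabber',
            'value'  => 'The Value',
            'expire' => '86500',   // lifetime in seconds, added to the server's current time
            'secure' => TRUE
        );
        $this->input->set_cookie($cookie);

        // cookies the browser sent back with this request
        var_dump( $_COOKIE );
}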

Firefox, even with Firebug, shows the cookies
Chrome does not, neither the dump nor Chrome's console....

Oh, and before you ask, cookies are allowed. Also the response header from the server looks ok, sending the cookies.

Content-Type:text/html; charset=utf-8
Date:Thu, 07 Jul 2011 03:40:41 GMT
Keep-Alive:timeout=15, max=100
Server:Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch
Set-Cookie:ci_csrf_token=03a94ba1fb5a1706da8922c46593a4c0; expires=Thu, 07-Jul-2011 05:40:41 GMT; path=/
sessions=a:4:{s:10:"session_id";s:32:"28f15fcd92e76754265a853a9610c28b";s:10:"ip_address";s:13:"";s:10:"user_agent";s:50:"Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/53";s:13:"last_activity";i:1310010041;}69fba62d1b15e9c3d8b65bb92a602323; expires=Thu, 07-Jul-2011 04:40:41 GMT; path=/
sabber=The+Value; expires=Fri, 08-Jul-2011 03:42:21 GMT; path=/; secure

And a question regarding these settings mentioned above:
| Cross Site Request Forgery

$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'csrf_test_name';
$config['csrf_cookie_name'] = 'csrf_cookie_name';
$config['csrf_expire'] = 7200;

They seem kinda useless to me, because the CI_Security class is not reading the csrf xxx_names from config but hardcoding them. I didn't find an occurrence where they might get overwritten; even overwriting them myself via config doesn't change them at all...

OK, solved....

For some reason the server's time was 6 hours behind... however, why the heck can this happen?
server creates session
server gets triggered on actions and can refresh time

no need to ever ask the client for his time...
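
The failure described in the post above (server clock behind, so a cookie's `expires` is already in the past for a browser whose clock is correct) can be checked directly against the response headers. This is an added example, not code from the thread or from CodeIgniter; the sample headers are constructed from the response shown earlier, and the client clock value, the `scheme` parameter and the function name `audit_cookies` are assumptions.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed sample modelled on the response shown in the thread
# (session cookie omitted, each cookie given its own Set-Cookie line).
SAMPLE_HEADERS = """\
Date: Thu, 07 Jul 2011 03:40:41 GMT
Set-Cookie: ci_csrf_token=03a94ba1fb5a1706da8922c46593a4c0; expires=Thu, 07-Jul-2011 05:40:41 GMT; path=/
Set-Cookie: sabber=The+Value; expires=Fri, 08-Jul-2011 03:42:21 GMT; path=/; secure
"""

def audit_cookies(raw_headers, client_now, scheme="http"):
    """Return (server_skew, {cookie_name: [problems]}) as the browser sees it."""
    server_date, cookies = None, []
    for line in raw_headers.splitlines():
        name, _, value = line.partition(":")
        if name.strip().lower() == "date":
            server_date = parsedate_to_datetime(value.strip())
        elif name.strip().lower() == "set-cookie":
            cookies.append(value.strip())
    skew = client_now - server_date  # positive: server clock is behind
    findings = {}
    for cookie in cookies:
        pair, *attrs = [p.strip() for p in cookie.split(";")]
        cname = pair.split("=", 1)[0]
        problems = []
        for attr in attrs:
            key, _, val = attr.partition("=")
            # The browser compares Expires with its own clock, not the server's.
            if key.lower() == "expires" and parsedate_to_datetime(val) <= client_now:
                problems.append("expired on arrival")
            if key.lower() == "secure" and scheme != "https":
                problems.append("secure flag on non-https request")
        findings[cname] = problems
    return skew, findings

if __name__ == "__main__":
    # Assumption: the browser's clock is correct and 6 hours ahead of the server.
    now = datetime(2011, 7, 7, 9, 40, 41, tzinfo=timezone.utc)
    skew, findings = audit_cookies(SAMPLE_HEADERS, now)
    print("server clock behind by", skew)
    for cname, problems in findings.items():
        print(cname, "->", problems or "ok")
```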


Quote:The Session class permits you maintain a user's "state" and track their activity while they browse your site. The Session class stores session information for each user as serialized (and optionally encrypted) data in a cookie.

What do you want to say with that?
I know what a session is doing, just mentioning this can be done without being dependent on the client's time. This was the root of the above problem, at least on my side.

Hello Treeda,

Can you please explain to me how you solved this issue?
I have the same issue with the cookies, which are not getting set in 'Google Chrome' but work fine in 'Firefox'.


Hello all,

I have tried all the tricks explained in the thread but no success. Please explain in detail how to tackle this issue.
Why does Google Chrome not store the cookie??
Please any help is greatly appreciated.
Thank you.
