CSRF Protection, not usable when doing CI Web Page Cache?
#1

heldrida
Hi,
having CSRF Protection active is not compatible with CodeIgniter Web Page Caching?

I'm not sure about how CSRF works, but I suppose that a «token» is set in the form and there's a related «token» in the user's cookie? If so, I'm assuming that, if the form page is cached by CI native Web Page caching, the «token» will be the same for all users till there's a new refresh for the cached files. Is this true?

Since I'm also using Phil Sturgeon Cache, I'm caching partial data / lib / etc. I suppose this is the only way to cache data without interfering with CSRF security / protection. Am I correct?

Any comments about this are highly appreciated,

Thanks a lot for looking!
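The scheme the post describes (a token in the form matched against a token in the visitor's cookie), modelled together with a whole-page cache, as an added example that is not part of the original post and is not CodeIgniter's own code. All function names and the `{{csrf}}` placeholder are hypothetical; the model shows a replayed page carrying the first visitor's token, and a token-free cached template filled in per request as one way to keep both features.

```php
<?php
// Simplified model of double-submit-cookie CSRF plus a whole-page cache.
// Constructed for illustration; none of these functions are CodeIgniter APIs.

function new_token(): string {
    return bin2hex(random_bytes(16));
}

// Render the form with the token the *current* visitor holds in their cookie.
function render_form(string $token): string {
    return '<form method="post"><input type="hidden" name="csrf" value="'
         . htmlspecialchars($token, ENT_QUOTES) . '"></form>';
}

// Double-submit check: the posted hidden field must equal the cookie value.
function csrf_valid(string $html, string $cookie): bool {
    if (!preg_match('/name="csrf" value="([^"]*)"/', $html, $m)) {
        return false;
    }
    return hash_equals($cookie, $m[1]);
}

// Whole-page cache: the first rendering is stored and replayed to everyone.
function cached_page(array &$cache, string $cookie): string {
    if (!isset($cache['form'])) {
        $cache['form'] = render_form($cookie);
    }
    return $cache['form'];
}

// Alternative: cache a token-free template and fill the token in per request.
function cached_template(array &$cache, string $cookie): string {
    if (!isset($cache['tpl'])) {
        $cache['tpl'] = render_form('{{csrf}}');
    }
    $safe = htmlspecialchars($cookie, ENT_QUOTES);
    return str_replace('{{csrf}}', $safe, $cache['tpl']);
}

$alice = new_token();   // constructed cookie value of the first visitor
$bob   = new_token();   // constructed cookie value of a later visitor
$cache = [];

var_dump(csrf_valid(cached_page($cache, $alice), $alice));  // first visitor
var_dump(csrf_valid(cached_page($cache, $bob), $bob));      // later visitor, replayed page
var_dump(csrf_valid(cached_template($cache, $bob), $bob));  // later visitor, per-request token
```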



