csrf_protection bug. Can't make it work

#11
[eluser]CroNiX[/eluser]
And before I also suggested removing the underscore from all cookie names, not just the csrf token cookie name.

Regular cookies (session) too

#12
[eluser]rei[/eluser]
Code:
$config['cookie_prefix'] = "";
$config['cookie_domain'] = "";
$config['cookie_path']  = "/";
$config['cookie_secure'] = FALSE;

I also tried using this:
Code:
$config['cookie_prefix'] = "stalkme";
$config['cookie_domain'] = "elementfx.com";
$config['cookie_path']  = "/";
$config['cookie_secure'] = FALSE;

But still no luck

#13
[eluser]rei[/eluser]
I'm not using underscores in my session variables sir, because my session variables are just one word.

#14
[eluser]CroNiX[/eluser]
Your session config... I didn't mention anything about your variables.

#15
[eluser]rei[/eluser]
Is this what you mean, sir?
Code:
$config['sess_cookie_name'] = 'cisession';

I removed the underscore. Still no luck.

#16
[eluser]rei[/eluser]
UP. Hello, does anyone already know a solution for this?

#17
[eluser]InsiteFX[/eluser]
Couple of things you can try.

Code:
// add this to your controller:

    $data = array(
        'csrf_hash' => $this->security->get_csrf_hash(),
        'csrf_name' => $this->security->get_csrf_token_name()
    );

// And change the hidden form field in your view to this:

<input type="hidden" name="<?php echo $csrf_name; ?>" value="<?php echo $csrf_hash; ?>" />

Well, check your IE cookie settings; IE has default cookie restrictions, like not allowing session cookies.

1) IE menu click on Tools button then Internet options.
2) Click on the Privacy tab then click on the Advanced button.
3) Check the Override automatic cookie handling.
4) First-party Cookies Accept.
5) Third-party Cookies Accept.
6) Check the Always allow session cookies.

NOTES:

Beware of underscores in the hostname, because IE won't save cookies.
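
The points raised in this thread (underscores in the hostname or in cookie names, and `cookie_domain` versus the host that actually serves the site) can be checked together in one pass. The following is an added example, not code from any poster or from CodeIgniter; the function name `diagnose_cookie_config`, the site URL and the `ci_session` value are assumptions made for illustration.

```php
<?php
// Added diagnostic, not CodeIgniter code; diagnose_cookie_config() is hypothetical.
function diagnose_cookie_config(array $config, string $site_url): array
{
    $problems = [];
    $host   = strtolower((string) parse_url($site_url, PHP_URL_HOST));
    $scheme = strtolower((string) parse_url($site_url, PHP_URL_SCHEME));

    // Underscores are not valid in hostnames (RFC 1123); per the thread, IE
    // will not save cookies for such a host.
    if (strpos($host, '_') !== false) {
        $problems[] = "hostname '$host' contains an underscore";
    }

    // The thread's advice: no underscores in any cookie name either.
    foreach (['sess_cookie_name', 'csrf_cookie_name'] as $key) {
        $name = ($config['cookie_prefix'] ?? '') . ($config[$key] ?? '');
        if (strpos($name, '_') !== false) {
            $problems[] = "$key '$name' contains an underscore";
        }
    }

    // Empty cookie_domain means a host-only cookie, so nothing to match.
    $domain = strtolower(ltrim((string) ($config['cookie_domain'] ?? ''), '.'));
    if ($domain !== '') {
        // RFC 6265 domain-match: host equals the domain or ends with ".domain".
        $suffix = '.' . $domain;
        if ($host !== $domain && substr($host, -strlen($suffix)) !== $suffix) {
            $problems[] = "cookie_domain '$domain' does not match host '$host'";
        }
    }

    // A Secure cookie is never sent back over plain HTTP.
    if (!empty($config['cookie_secure']) && $scheme !== 'https') {
        $problems[] = 'cookie_secure is TRUE but the site is served over http';
    }
    return $problems;
}

// Constructed sample: the second config posted above plus an assumed
// session cookie name, checked against a hypothetical site URL.
$config = [
    'cookie_prefix'    => 'stalkme',
    'cookie_domain'    => 'elementfx.com',
    'cookie_path'      => '/',
    'cookie_secure'    => FALSE,
    'sess_cookie_name' => 'ci_session',
];
print_r(diagnose_cookie_config($config, 'http://my_app.elementfx.com/'));
```

An empty result means none of these checks explains a missing CSRF cookie, and the browser's own cookie settings are the next thing to inspect.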

