CI2.1.4 CSRF gives "The action you have requested is not allowed" for www subdomain
[eluser]rossj81[/eluser]
Hi all. I'm building a site with CSRF enabled, which sometimes works and sometimes doesn't work depending on whether 'www' was entered in the URL.

For example, entering 'example.com/index.php/register' works as expected. Entering 'www.example.com/index.php/register' results in a "The action you have requested is not allowed" error when posting the form.

I've checked my cookies, and see that I've got 2 PHPSESSID cookies and one crsf_token cookie. The PHPSESSID for www.example.com is different to the PHPSESSID for example.com.

So, I'm guessing that after getting www.example.com:
1. PHP assigns a session ID
2. CI configures a CSRF assigned to that session ID
3. Apache rewrites to example.com
4. PHP assigns a new session ID

On submitting a form, CI then says, "Sorry, your sessid doesn't validate against your csrf value"

Any ideas whether I'm on the right path, and if so, how I could get around this?
[eluser]rossj81[/eluser]
Fixed it. In '/application/config/config.php', line 269ish, I changed
Code:
$config['cookie_domain'] = '';
to
Code:
$config['cookie_domain'] = '.example.com';
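Added example, not part of the original posts: a small model of RFC 6265 cookie scoping showing why an empty `cookie_domain` (host-only cookie) set on www.example.com is not sent to example.com, while `.example.com` is. The cookie name and the `storeCookie`, `domainMatches`, `isSent` and `scenario` helpers are constructed for illustration and are not CodeIgniter code.

```javascript
// Added illustration of browser cookie scoping (RFC 6265); not CodeIgniter code.

// RFC 6265 section 5.1.3 domain-match (IP address case omitted).
function domainMatches(host, domain) {
  return host === domain || host.endsWith('.' + domain);
}

// Build the browser-side record for a cookie set by `requestHost`.
// `domainAttr` mirrors $config['cookie_domain']; '' means no Domain attribute.
function storeCookie(name, requestHost, domainAttr) {
  const host = requestHost.toLowerCase();
  if (!domainAttr) {
    // No Domain attribute: host-only cookie, bound to the exact host.
    return { name, domain: host, hostOnly: true };
  }
  // RFC 6265 section 5.2.3: a leading dot in the attribute is ignored.
  const domain = domainAttr.toLowerCase().replace(/^\./, '');
  // A host may only set cookies for itself or one of its parent domains.
  if (!domainMatches(host, domain)) return null;
  return { name, domain, hostOnly: false };
}

// Would the browser attach `cookie` to a request for `requestHost`?
function isSent(cookie, requestHost) {
  const host = requestHost.toLowerCase();
  return cookie.hostOnly ? host === cookie.domain
                         : domainMatches(host, cookie.domain);
}

// Constructed scenario: the token cookie is set while the form is rendered
// on www.example.com; we then ask which hosts receive it on the next request.
function scenario(domainAttr) {
  const c = storeCookie('csrf_cookie', 'www.example.com', domainAttr);
  return {
    www: isSent(c, 'www.example.com'),
    apex: isSent(c, 'example.com'),
    sibling: isSent(c, 'other.example.com'),
  };
}

console.log("cookie_domain = ''             ->", scenario(''));
console.log("cookie_domain = '.example.com' ->", scenario('.example.com'));
```

The `sibling` result is the trade-off of the domain-wide setting: the cookie is also sent to every other subdomain of example.com, so this setting assumes all of those hosts are trusted.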
[eluser]Tim Brownlaw[/eluser]
Good stuff - thanks for the update!

Cheers
Tim