CSRF Token with ajax
Hi, I want to make a user edit page, a page that uses ajax to save settings.
Also, on that page I would like to use csrf protection. So on my form I use <?php echo form_hidden($csrf); ?> to generate the code:
<input type="hidden" name="nDR0S3dw" value="xVcuF6swebLtUEJySNW3" /> //for example
When I press save changes the first time it works great, but the second time it will fail, because the token is regenerated on every refresh, and if I do not refresh the page with the form I will have the same token in the hidden input. The function that verifies the token is in the attached picture and is the one from the ion auth library. I found a resolution, but is it still secure? I attached 2 new screenshots.
I can't tell if this is what you are doing, but, generally speaking, I would just pass the CSRF Token name and hash (as retrieved by $this->security->get_csrf_token_name() and $this->security->get_csrf_hash()) in my response, then create the hidden input for the new token/hash pair in the AJAX success method.
Well, I do the same. In my response I create the new hidden input in the csrf div every time.
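The token rotation discussed in this thread, as an added example that is not code from any of the posts or from CodeIgniter or ion auth: a client object attaches the current token pair to each save and replaces both the field name and the value from the response, so a second save without a page refresh still passes. The response fields `csrfName` and `csrfHash`, the `CsrfForm` class and the in-memory fake server are assumptions made for the illustration.

```javascript
// Added example. csrfName/csrfHash, CsrfForm and the fake server are assumptions.

// Constructed stand-in for the server: a token pair is valid for one request and
// every response carries the next pair. Tokens are predictable here on purpose;
// real ones come from the framework's own generator.
function makeFakeServer() {
  let n = 0;
  const issue = () => ({ csrfName: 'name' + (++n), csrfHash: 'hash' + n });
  let current = issue();
  return {
    initialToken: () => ({ ...current }),
    handle(body) {
      const ok = body[current.csrfName] === current.csrfHash;
      current = issue(); // rotate on every request, valid or not
      return { ok, ...current };
    },
  };
}

// Client side: holds the current pair and replaces it after every response.
class CsrfForm {
  constructor(token) { this.token = token; }
  body(fields) {
    // The field name changes as well as the value, so it is never hard-coded.
    return { ...fields, [this.token.csrfName]: this.token.csrfHash };
  }
  // `post` stands in for the AJAX call; synchronous here so the demo runs offline.
  save(fields, post) {
    const res = post(this.body(fields));
    const fresh = [res.csrfName, res.csrfHash].every(v => typeof v === 'string' && v);
    // Fail closed: without a new pair the next save would resend a spent token.
    if (!fresh) throw new Error('response carried no new CSRF token');
    this.token = { csrfName: res.csrfName, csrfHash: res.csrfHash };
    return res.ok;
  }
}

function demo() {
  const server = makeFakeServer();
  const form = new CsrfForm(server.initialToken());
  const post = body => server.handle(body);
  const stale = form.body({ email: 'a@example.test' }); // what an un-updated page resends
  const first = form.save({ email: 'a@example.test' }, post);
  const second = form.save({ email: 'b@example.test' }, post);
  return { first, second, replay: server.handle(stale).ok };
}
```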