This is how you first get your token name and hash, true
PHP Code:
$.ajax({
type: "POST",
url: post_url,
data: {"<?= $this->security->get_csrf_token_name(); ?>" : "<?= $this->security->get_csrf_hash(); ?>"},
//some more
success: function(fields){
//do operation
}
});
But once you post, the hash changes, so now your hardcoded one in your js is no longer valid, hence your error.
What you have to do is get the new hash, and change either your js or a reference to the hash.
In the past I have done this in different ways. You could have a field such as <input type="hidden" name="hash" value=""> that you fill the value with the hash value when you first load the page. On subsequent js posts, finish with a js function call to something like refresh_token. That function would get the current hash and refill the value in the hidden field. Your js posts should query that field to get the hash in the first place, rather than being set in the js itself.
Another way is to have a js global value set to the hash value, and your refresh token call simply changes the global variable, that other js functions refer to.
Either way, whenever you post, you need to update the value of the hash your js functions refer to.
Hope that helps,
Paul.
PS I prefer to return the new hash in my js, because in that way I know the requesting ajax has a working/valid hash in the first place. So my js is more like:
Quote:function do_something()
{
// get hash from hidden field
// post something
// check return for success or fail
// if fail show error
// if success do whatever
// refresh hash in page with returned new hash value
}