CSRF and Browser Cookie Settings

#11
Tokens are not part of the session. They have their own cookie.

#12
Thanks Skunkbad. I can see the cookie, I modified the code and the values look good. The one issue I am having is that when I submit an AJAX request, it is now returning with the current url as part of the response. I.e. my normal response would be {"status":"X"} but now I receive https://www.mywebsite.com/rate?{"status":"X"}

#13
I don't know what that would be. Looks like you'll need to debug.

#14
Resolved.

In MY_Controller I was previously checking if the tokens matched like if($this->tokens->match == FALSE){}, I changed to if(!$this->tokens->match){} and this removed the URL prefix on my JSON response and the scripts now work again.

