CSRF and Browser Cookie Settings
Tokens are not part of the session. They have their own cookie.
Thanks Skunkbad. I can see the cookie, I modified the code and the values look good. The one issue I am having is that when I submit an AJAX request, it is now returning with the current url as part of the response. I.e. my normal response would be {"status":"X"} but now I receive https://www.mywebsite.com/rate?{"status":"X"}
I don't know what that would be. Looks like you'll need to debug.
Resolved.
In MY_Controller I was previously checking if the tokens matched like if($this->tokens->match == FALSE){}, I changed to if(!$this->tokens->match){} and this removed the URL prefix on my JSON response and the scripts now work again.
(11-19-2017, 02:43 PM)skunkbad Wrote: 1) When you use the form_open function or generate a new token using $this->tokens->token(), the token is automatically added to the tokens cookie. See the "Tokens Cookie Config" section on this page:

Skunkbad, the new tokens are working OK except for the Community Auth login. I notice the form has a token called "login_token". I could not figure out where to change this, so I modified my login form to include the additional hidden field with my token name and the generated value. I see both hidden token fields but I still cannot log in. I do not receive any error messages either and there are no errors in the log. Where can I change the Community Auth login form token name to use the CI token name in config?