Welcome Guest, Not a member yet? Register   Sign In


I have an AJAX FORM that using form_open() fucntion.

If $config['csrf_protection'] = TRUE, the FORM doesnt work.
If $config['csrf_protection'] = FALSE, the FORM works fine.

Is it posibble to keep using CSRF Token in AJAX FORM?

Yes, it's possible. You have to send new csrf token in every response to the website and handle it with jquery/js

This will explain it better for you.

AJAX + CSRF Protection in Codeigniter
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )

Thanks guys

(This post was last modified: 03-22-2018, 07:52 PM by buzztomi.)

Hello guys

It looks like my ajax form stil not working well.
Here are the code

The View code

<!DOCTYPE html>
<meta charset="utf-8">
<script src="http://code.jquery.com/jquery-latest.min.js" type="text/javascript"></script>
$(document).ready(function() {
$('#loginForm').submit(function(event) {
var formData = {
'<?php echo $this->security->get_csrf_token_name(); ?>' : '<?php echo $this->security->get_csrf_hash(); ?>',
'password' : $('input[name=password]').val(),
'email' : $('input[name=email]').val()
$.ajax( {
type : 'POST',
url :'<?=base_url().'user/login',
data : formData,
dataType : 'json',
encode : true,
success:function(data) {
if ( ! data.success) {
alert("Incorect login data");
}else {
alert("Correct login data");

error: function (xhr, ajaxOptions, thrownError) {
alert("ERROR:" + xhr.responseText+" - "+thrownError);

echo form_open('user/login','id="loginForm"');
echo form_input(['type' => 'email','name' => 'email','placeholder' => 'Email','required'=>'required']);
echo form_input(['type' => 'password','name' => 'password','placeholder' => 'Password','required'=>'required']);
echo '<button type="submit" form="loginForm">Login</button>';
echo form_close();

The Controller code

defined('BASEPATH') OR exit('No direct script access allowed');

class Login extends CI_Controller {
public function __construct()

public function index()

public function login() {
$noError = array();
$email=strtolower($this->input->post('email', TRUE));
$password=$this->input->post('password', TRUE);
if($email=='[email protected]' && $password=='12345'){
$noError['success'] = TRUE;
$noError['success'] = FALSE;
echo json_encode($noError);

The problem is , when the button click more than once, the form bocome not working

You can see the video here

What seems to be the problem?

Hi, yes, that would be the correct outcome if you have $config['csrf_regenerate'] = TRUE, which looks like you do.

The CI guide: "Tokens may be either regenerated on every submission (default) or kept the same throughout the life of the CSRF cookie. The default regeneration of tokens provides stricter security, but may result in usability concerns as other tokens become invalid (back/forward navigation, multiple tabs/windows, asynchronous actions, etc)."  - https://www.codeigniter.com/user_guide/l...rgery-csrf

As Kmycic states, you need to return a new CSRF token in your ajax response and then have JS update your form field if you wish to submit the form again.

In addition to that, you are using the form_open function which will add your CSRF token to the form, there is no need to add it directly to the java script function.  I would look at the ajax serialize function which will include the hidden CSRF token when the form is submitted.

This is my solution
PHP Code:
var csrf_token '<?php echo $this->security->get_csrf_hash(); ?>';
data: {
post_title : $("#post_title").val(),
post_content : $("#post_content").val(),
csrf_test_name csrf_token
success: function (data) {
//your success action

Your Ajax url is wrong for one.

PHP Code:
url :'<?=base_url().'user/login',

// Should be
url :"<?=base_url('
user/login); ?>", 

I do this in the head of my html document for the url's.

    <!-- Pass base_url() and site_url() to jQuery JavaScript -->
        var baseUrl = "<?php echo base_url(); ?>";
        var siteUrl = "<?php echo site_url(); ?>";

Then in jQuery you can use baseUrl or siteUrl for url's.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )

Theme © iAndrew 2016 - Forum software by © MyBB