• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
CSRF error on login

#11
Interesting news on this: I increased the logging level to 4 (everything), and that didn't help much (apart from "CSRF cookie sent" there was no useful info there. But along the way, I accidentally found out that if I try to login, hit the error, go to the login screen again and logged in, it worked! I then repeated the process two more times on Edge, and once o IE.

I'm not sure what this means yet, but now I'm definitely convinced it's browser-related. It almost sounds like Edge and IE are caching the CSRF tokens from a previous login or something. Any ideas?
Reply

#12
Did you use the Developer tools F12 and check the console and network tabs?

It should show you whats going on.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply

#13
Well as I said before, I tried the network tab, and the only new info I got was the response code (403 Forbidden), and that doesn't really help much (I never explicitly set that header in my code, so again the code that causes this seems to come from CI itself). I did not check the JavaScript console, because there is no JavaScript on the page. I did check to make sure that the hidden input field with the CSRF token was there (it was) but it's just a simple HTML form (no AJAX calls or anything that would print to the JS console).
Reply

#14
@mfox,

Have you tried regenerating the CSRF for every submission.
Changing the config parameter... $config['csrf_regenerate'] = TRUE;
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


Users browsing this thread:
1 Guest(s)


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2018 MyBB Group.