Posts: 17
Threads: 5
Joined: Jun 2018
Reputation:
0
Interesting news on this: I increased the logging level to 4 (everything), and that didn't help much (apart from "CSRF cookie sent" there was no useful info there. But along the way, I accidentally found out that if I try to login, hit the error, go to the login screen again and logged in, it worked! I then repeated the process two more times on Edge, and once o IE.
I'm not sure what this means yet, but now I'm definitely convinced it's browser-related. It almost sounds like Edge and IE are caching the CSRF tokens from a previous login or something. Any ideas?
Posts: 4,365
Threads: 101
Joined: Oct 2014
Reputation:
146
Did you use the Developer tools F12 and check the console and network tabs?
It should show you whats going on.
What did you Try? What did you Get? What did you Expect?
Joined CodeIgniter Community 2009. ( Skype: insitfx )
Posts: 17
Threads: 5
Joined: Jun 2018
Reputation:
0
Well as I said before, I tried the network tab, and the only new info I got was the response code (403 Forbidden), and that doesn't really help much (I never explicitly set that header in my code, so again the code that causes this seems to come from CI itself). I did not check the JavaScript console, because there is no JavaScript on the page. I did check to make sure that the hidden input field with the CSRF token was there (it was) but it's just a simple HTML form (no AJAX calls or anything that would print to the JS console).
Posts: 1,142
Threads: 15
Joined: Jun 2016
Reputation:
55
@mfox,
Have you tried regenerating the CSRF for every submission.
Changing the config parameter... $config['csrf_regenerate'] = TRUE;