Set the CSRF cookie only when needed (e.g. when a form has been created)
Hello everyone,
I would like to set as few cookies as possible. Preferably none at all. But I also want to enable CSRF protection.
My idea: I don't want to set the CSRF cookie until a form (with the hidden CSRF token) is created. This allows me to hide all forms behind a "cookies are allowed" check.
What I want to do: a user comes to the website and must agree to cookies in the (famous...) cookie notice. This sets a "cookies-are-authorized-cookie". Now he can go to the login form where the CSRF cookie is only set if the "cookies-are-authorized-cookie" has been found... Otherwise he will be redirected to an information page WITHOUT the CSRF cookie (or any other cookie) being set.
Can you please help me to install such a check? I think this might be interesting for other users.
Many thanks and many greetings
@Kel,
Did you take a look at the CI documentation (https://codeigniter.com/user_guide/libra...rgery-csrf)?
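The flow asked about in the first post, sketched as an added example that is not part of the thread and does not use CodeIgniter's own CSRF classes: plain PHP (7.3 or later) that issues the CSRF cookie only from a page that renders a form, and only when the consent cookie is present. The cookie names, the field name and the `/cookie-info` and `/login` paths are assumptions.

```php
<?php
// Added example in plain PHP. All names below are hypothetical, not CodeIgniter settings.
const CONSENT_COOKIE = 'cookies_authorized'; // set to "1" by the cookie notice
const CSRF_COOKIE    = 'csrf_token';
const CSRF_FIELD     = 'csrf_token';         // hidden form field

function hasConsent(array $cookies): bool
{
    return ($cookies[CONSENT_COOKIE] ?? '') === '1';
}

// Called only by pages that render a form. Returns null (and sets nothing) without consent.
function csrfTokenForForm(array $cookies): ?string
{
    if (!hasConsent($cookies)) {
        return null;
    }
    $token = $cookies[CSRF_COOKIE] ?? '';
    if (!is_string($token) || preg_match('/^[0-9a-f]{64}$/', $token) !== 1) {
        $token = bin2hex(random_bytes(32)); // fresh 256-bit token
        setcookie(CSRF_COOKIE, $token, [
            'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
        ]);
    }
    return $token;
}

// Double-submit check for POST handlers: the hidden field must equal the cookie.
function csrfIsValid(array $cookies, array $post): bool
{
    $cookie = $cookies[CSRF_COOKIE] ?? '';
    $field  = $post[CSRF_FIELD] ?? '';
    return is_string($cookie) && is_string($field) && $cookie !== '' && hash_equals($cookie, $field);
}

// Login form page: no consent means a redirect with no Set-Cookie header at all.
$token = csrfTokenForForm($_COOKIE);
if ($token === null) {
    header('Location: /cookie-info');
    exit;
}
printf(
    '<form method="post" action="/login"><input type="hidden" name="%s" value="%s"><button>Log in</button></form>',
    CSRF_FIELD, htmlspecialchars($token, ENT_QUOTES)
);
```

The POST handler for `/login` would call `csrfIsValid($_COOKIE, $_POST)` before processing the request. Pages without forms never call `csrfTokenForForm()`, so they set no cookie.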