CSRF protection for direct url access
#1

Hi Guys,

I am new to CodeIgniter. Any idea how to prevent direct URL access?

I can make a CRUD operation project. For the "View" or "Delete" operation I want to prevent it with a CSRF token.

Code:
http://localhost/user/view/5

I want to prevent this, and the same for delete.

CSRF is enabled in the config file and the CSRF token works with the add and edit forms.

I want only direct URL access.

Thank you.
Reply
#2

What do you mean by "direct url access"?

Have you implemented user login/authentication?

If the user does not have to log in, effectively, if someone can figure out the URL, they can just browse to it.

If user session authentication is in place, you can put a general check in the controller's __construct method to ensure the user has logged in by that point, and in individual controller methods check that the user is trying to access/edit their own user profile (or profiles they are allowed to see).
Reply
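A sketch of the approach suggested in reply #2, added here as an example and not code posted by anyone in the thread: a login check in the constructor, an ownership check in each method, and a delete action that only accepts POST so the enabled CSRF check applies to it. It assumes CodeIgniter 3; `User_model` with its `get()`/`delete()` methods, the `user_id` and `is_admin` session keys, and the `auth/login` route are hypothetical names.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');
// Assumes CodeIgniter 3. User_model, its get()/delete() methods, the
// 'user_id' / 'is_admin' session keys and 'auth/login' are hypothetical.
class User extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->library('session');
        $this->load->helper('url');
        $this->load->model('User_model');
        // General check: every method in this controller requires a login.
        if ( ! $this->session->userdata('user_id')) {
            redirect('auth/login');
        }
    }

    // Per-method check: only the profile's owner (or an admin) may proceed.
    private function _require_access($id)
    {
        $me = (int) $this->session->userdata('user_id');
        if ((int) $id !== $me && ! $this->session->userdata('is_admin')) {
            show_error('You are not allowed to access this profile.', 403);
        }
    }

    public function view($id = NULL)
    {
        $this->_require_access($id);
        $user = $this->User_model->get((int) $id);
        if ( ! $user) {
            show_404();
        }
        $this->load->view('user/view', array('user' => $user));
    }

    public function delete($id = NULL)
    {
        // CodeIgniter 3 verifies the CSRF token on POST requests only, so a
        // state-changing action must refuse GET to be covered by it.
        if ($this->input->method() !== 'post') {
            show_error('Delete must be submitted as a POST form.', 405);
        }
        $this->_require_access($id);
        $this->User_model->delete((int) $id);
        redirect('user');
    }
}
```

With this in place, `http://localhost/user/view/5` still works as a URL, but only for a logged-in user who is allowed to see profile 5; the delete link in the list view has to become a small form built with `form_open()` so the token field is included.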