当用户登录时,他可以用一个小表单执行搜索。这是对控制器的ajax请求。我可以多次执行此操作。但是,当我尝试重新加载页面时,用户已注销,需要重新登录。
这是我的JS:
var CFG = {
url: '<?php echo $this->config->item('base_url'); ?>',
token: '<?php echo $this->security->get_csrf_hash(); ?>'
};
$(function()
{
$('#personen_search_result').hide();
$('#search_alert').hide();
$.ajaxSetup(
{
data:
{
token:CFG.token
}
});
$(document).ajaxSuccess(function(e,x)
{
var result = $.parseJSON(x.responseText);
$('input:hidden[name="token"]').val(result.token);
$.ajaxSetup(
{
data:
{
token: result.token
}
});
});
$( "#submit_personen" ).click(function(event)
{
event.preventDefault();
var namelast = $('#namelast').val();
var dateofbirth = $('#dateofbirth').val();
var rijksregisternr = $('#rijksregisternr').val();
var email = $('#email').val();
var hosid = <?php echo $this->session->hosid; ?>;
$.ajaxSetup(
{
data:
{
nameLast: namelast,
dateofBirth: dateofbirth,
rijksregisterNr: rijksregisternr,
email: email,
hosid: hosid
}
});
$('#table_personen').html("");
$('#search_alert').html("").hide();
$.post(CFG.url + 'persoon/js_retrieve', function(data)
{
if(data['status'] == 200)
{
var personenrows = data['html'];
$('#table_personen').append (personenrows);
if (!$('#personen_search_result').is(':visible'))
$('#personen_search_result').slideToggle();
}
else if (data['status'] == 400)
{
var message = data['html'];
$('#search_alert').append(message);
if (!$('#search_alert').is(':visible'))
$('#search_alert').slideToggle();
}
}, 'json');
});
});
这是我的控制器:
public function js_retrieve()
{
// Data preperations
// Query Builder
if ($result->num_rows() == 0)
{
// No result: error message
$data['html'] = '<span class="alert">Geen personen gevonden.</span>';
$data['status'] = 400;
}
else
{
// Good result, show list in table
// table header
$html = '<thead class="thead-light"><tr><th>Naam</th>th>Voornaam</th><th>Geboortedatum</th><th>Rijksregister</th><th>status</th></tr><tbody>';
// create rows
foreach ($result->result_array() as $row)
{
$html .=
'<tr>/\n<td><a href="'. base_url( 'persoon/detail/' .$row['id'] ) .'">' . $row['NameLast'] .', '. $row['NameFirst'] . '</a></td>/\n<td>' . $row['DateofBirth'] . '</td>/\n<td>' . $row['RijksRegisterNumber'] . '</td>/\n<td>' . $row['Status'] . '</td></tr>';
}
// close body
$data['html'] = $html . '</tbody>';
// status
$data['status'] = 200;
}
// Set CSRF token hash & headers
$data['oldtoken'] = $this->input->post('token');
$data['token'] = $this->security->get_csrf_hash();
if (!headers_sent())
{
header('Cache-Control: no-cache, must-revalidate');
header('Expires: ' . date('r'));
header('Content-type: application/json');
}
// return result
exit( json_encode($data , JSON_FORCE_OBJECT) );
}
有谁能给我一些指导吗?
PS:这些是我的配置:
$config['csrf_token_name'] = 'token';
$config['csrf_cookie_name'] = 'csrf_cookie_name';
$config['csrf_expire'] = 7200;
$config['csrf_regenerate'] = FALSE;
$config['csrf_exclude_uris'] = array();
最佳答案
与其说这是一个答案,不如说这是一个故障排除测试,时间太长,无法发表评论。试试这个:
$this->output->set_header('Cache-Control: no-store, no-cache, must-revalidate');
$this->output->set_content_type('application/json');
$this->output->set_output(json_encode($data, JSON_FORCE_OBJECT));
$this->output->_display();
exit;
关于php - CodeIgniter和CSRF,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/47159077/