CSRF令牌问题

CSRF令牌问题

关注
发信
关注(28)粉丝(399)

Codeigniter CSRF令牌问题

本文介绍了Codeigniter CSRF令牌问题的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我做了一个简单的注册/简报网站,但我有一个奇怪的问题。有些人收到一个错误,表示

I've made a simple signup/newsletter site, but I've got a weird problem. Some people get a error that says

我已经尝试google,发现当CSRF设置为true时,人们也有同样的问题。但是,我不会发生在每个人,只是一小群人。我使用form_open和form_close,我可以看到隐藏的字段(令牌)。

I've already tried google and found that people had the same problem when CSRF was set to true. However, i doesn't happens to everyone, just a small group of people. I'm using form_open and form_close and i can see the hidden field (token).

我使用最新版本的Codeigniter 2.0.2

I'm using the latest version of Codeigniter 2.0.2

这是我的控制器 

    function __construct() {
    parent::__construct();
    session_start();
}

function index() {

    $this->load->model('beta_signup_model');

    $this->form_validation->set_rules('mail','e-mail','required|valid_email|xss_clean|callback__mail_check');

    // Check for errors
    if($this->form_validation->run() == FALSE) {

        // The system found a form validation error


    } else {

        // No errors found
        $_SESSION['mail_success'] = 1;
        $_SESSION['mail'] = $this->input->post('mail');

        redirect(base_url() . 'confirm');

    }

    ///// FILLS OUT INPUT FIELDS /////

    // Loads field_populator_helper
    $this->load->helper('field_populator_helper');

    // Defines input field names
    $input_names = array(
                    'mail',
    );

    // Defines default values
    $default_values = array(
                    'Skriv inn e-posten din..',
    );

    // Auto-populates fields with blur and focus
    $data['field_populator'] = populateFields($input_names, $default_values);

    $this->load->view('frontpage_view', $data);

}


推荐答案

同样的问题:完全清洁CI 2.1.0,在MAMP上,并且只是遵循在用户指南中的教程。

I had the same problem: totally clean instal of CI 2.1.0, on MAMP, and just following along the tutorial in the User Guide.

经过大量的搜索和搜索,我发现在application / config.php中,变量$ config ['cookie_prefix']必须总是设置为空

After a lot of searching and googling, I found that in 'application/config.php', the variable $config['cookie_prefix'] must always be set to empty, otherwise if CSRF protection is turned on, this error will occur.

这可能是还有其他问题 - 即会话库,加密或XSS保护,

It could be that there are other issues involved - ie., session library, encryption or XSS protection, etc. - but just leaving the 'cookie_prefix' empty seems to have sorted it for me.

我希望这可以帮助别人。

I hope this helps others.

这篇关于Codeigniter CSRF令牌问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-23 00:23
Powered by LMLPHP ©2024 CSRF令牌问题 0.047313