We are moving our forum in GitHub Discussions. For questions about Phalcon v3/v4 you can visit here and for Phalcon v5 here.



I have build a site using ajax, so some of the pages are called with a ajax request. But with every ajax requst, the CSRF changes, so if I have a form, and a ajax request is called after, the csrf changes? How can I prevent this?

My csrf works on pages where there is none ajax request.



if this page is immportant ( login etc.. or bank website ) dont do ajax and simply use the token, otherwise when you check the token pass the 3rd param false

checktoken(true,true, false)

i think its was like that i am not on pc now to check how it was exactly

That's the base limitation of HTTP being stateless protocol.

My site is based on ajax, so I can't just change it..

Would it be safe, to save it in meta tags in header, then change the header on page request?