Hello.
I have build a site using ajax, so some of the pages are called with a ajax request. But with every ajax requst, the CSRF changes, so if I have a form, and a ajax request is called after, the csrf changes? How can I prevent this?
My csrf works on pages where there is none ajax request.
Thanks!
if this page is immportant ( login etc.. or bank website ) dont do ajax and simply use the token, otherwise when you check the token pass the 3rd param false
checktoken(true,true, false)i think its was like that i am not on pc now to check how it was exactly
That's the base limitation of HTTP being stateless protocol.
My site is based on ajax, so I can't just change it..
Would it be safe, to save it in meta tags in header, then change the header on page request?
