Solved thread

This post is marked as solved. If you think the information contained on this thread must be part of the official documentation, please contribute submitting a pull request to its repository.

CSRF token, check failed - return only false

Hello!

I have problem with csrf token.

In my form i have:

<input type='hidden' name='<?php echo $this->security->getTokenKey(); ?>' value='<?php echo $this->security->getToken(); ?>'/>

in controller, i check token with

$this->security->checkToken();

and this return false only.

I have:

$di->setShared('session', function () { $session = new SessionAdapter(); $session->start();

return $session;

});

Edit: Hi, again. The problem exists when I'm redirected to the form page, and if I open it directly all work.

I open user/user, but i not logged and redirect me to login page->csrf no work; I open user/login direct and csrf is work.

Where is the problem?

i am not a bot, please



83.5k

token checking is valid only once.

first time you execute checkToken() the token ( in the session ) will be removed. My guess is this is what is causing your problem



31.3k
Accepted
answer

Hi @yanancom you must use getSessionToken() to get last token, or use checkToken( , ,false) use false at last param to not destroy if the token is valid

Good luck



1.9k

Thanks for help, Emilio.

AJ, I get your comment about the hair - the thing is, would the person asking to touch it feel free to ask the same thing of an African American mom and her child, or did the person see the kid as available for curiosity-seekers simply because she obviously adopted? My List Theory Why You Can't Break Up With A Drunk Person