CSRF token, check failed - return only false

Question

CSRF token, check failed - return only false

Krasimir Petrov Jul '17

Created Jul '17	Last Reply Mar '19	Replies 4	Views 1331	Votes 0

Krasimir Petrov 3.3k

Jul '17

Hello!

I have problem with csrf token.

In my form i have:

<input type='hidden' name='<?php echo $this->security->getTokenKey(); ?>' value='<?php echo $this->security->getToken(); ?>'/>

in controller, i check token with

$this->security->checkToken();

and this return false only.

I have:

$di->setShared('session', function () { $session = new SessionAdapter(); $session->start();

return $session;

});

Edit: Hi, again. The problem exists when I'm redirected to the form page, and if I open it directly all work.

I open user/user, but i not logged and redirect me to login page->csrf no work; I open user/login direct and csrf is work.

Where is the problem?

Emilio Degiovanni
32.2k

Accepted
answer

Jul '17

Hi @yanancom you must use getSessionToken() to get last token, or use checkToken( , ,false) use false at last param to not destroy if the token is valid

Good luck

yanancom · Answer 1 · 2017-07-23T20:34:26-07:00

yanancom
62

Jul '17

i am not a bot, please

Izo · Answer 2 · 2017-07-24T01:00:35-07:00

token checking is valid only once.

first time you execute checkToken() the token ( in the session ) will be removed. My guess is this is what is causing your problem

Krasimir Petrov · Answer 3 · 2017-07-25T05:06:53-07:00

Krasimir Petrov
3.3k

Jul '17

Thanks for help, Emilio.

Pashkamel · Answer 4 · 2019-03-07T06:13:54-07:00

AJ, I get your comment about the hair - the thing is, would the person asking to touch it feel free to ask the same thing of an African American mom and her child, or did the person see the kid as available for curiosity-seekers simply because she obviously adopted? My List Theory Why You Can't Break Up With A Drunk Person