We have moved our forum to GitHub Discussions. For questions about Phalcon v3/v4/v5 you can visit here and for Phalcon v6 here.

CSRF again

I met one more problem with CSRF protection. All works fine, but when I'm trying to post ANY CSRF-protected form from FIRST PAGE is always fails. I'm using pagnation:

public function indexAction($boardAbbr, $currentPage = 1)
        // Passing a resultset as data
        $paginator = new Paginator(array(
            'data' => Threads::find(array(
                'board_id = ?0',
                'bind' => array($board->id),
                'order' => 'modified_at DESC'
            'limit' => $this->config->hakaba->threadsPerPage,
            'page'  => $currentPage

        $this->view->page = $paginator->getPaginate();
        $this->view->token = $this->security->getToken();
        $this->view->tokenKey = $this->security->getTokenKey();


{% for thread in page.items %}
    {{ partial('partials/thread') }}
{% endfor %}

Notice, that the error appears on first page only. No matter is URL : https://localhost/nature or https://localhost/nature/page/1 in any case I got changed tokens But when I trying to post the form on https://localhost/nature/page/2 it's posted successfully. Any ideas?

Sorry, all is okay. I spent half day to realize that my action what I post to is from another controller and I just add $this->view->disable(); Now it's works!

I mistaken. Problem still exists. :((


Is the validation code right after the token generation $this->view->token = $this->security->getToken(); ?

Yes. Like this: if ($this->security->checkToken()) { / all is ok / } else { / bad token / }

But it works only few times... I don't know why and when it happens it's very mysterious thing.