csrf_token question

Jamie Whittingham · Dec 8, 2016

Im writing a plugin for handling login's from third party platforms.

How are you generating your csrf_token
? is it static for each Mw install and doesnt change?

Or does it get generated each time a different browser reachs you login point?

thanks

twisted1919 · Dec 9, 2016

The csrf tokens change with each request. If you want to send post from another source, the only way is to disable the csrf toke, which i don't advise.

frm.mwz · Dec 9, 2016

twisted1919 said:
The csrf tokens change with each request. If you want to send post from another source, the only way is to disable the csrf toke, which i don't advise.

Does this relate to logging in for different users in separate tabs or is there a solution for it?

Jamie Whittingham · Dec 10, 2016

@frm.mwz - no its not mate

@twisted1919 - how would I do that?

twisted1919 · Dec 12, 2016

In apps/common/config/main-custom.php you have:

Code:

...
'components' => array(
    'db' => array(
    ...
    ),

    // add this:
    'request' => array(
        'enableCsrfValidation'    => false,
    ),
    // end addition
)
...

csrf_token question

Jamie Whittingham

Active Member

twisted1919

Administrator

frm.mwz

Well-Known Member

Jamie Whittingham

Active Member

twisted1919

Administrator