Codeigniter csrf保护错误:
我正在使用 CI 2。我已在配置文件中启用 CSRF 保护:
$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'sitename';
$config['csrf_cookie_name'] = 'sitename';
$config['csrf_expire'] = 7200;
我仅使用 Codeigniter 表单。有时,我在提交表单或登录时收到错误“您无权执行此操作”。
如果我刷新并重试,那么一切都会正常。为什么会发生这种情况?
I Am using CI 2. I have enabled CSRF protection in the config file:
$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'sitename';
$config['csrf_cookie_name'] = 'sitename';
$config['csrf_expire'] = 7200;
I am using Codeigniter forms only. Sometimes I get the error “you are not authorized to perform this action” wile submitting forms or login.
If I refresh and try again then every thing works fine. Why is this happening?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您可以在 cookie 过期时间触发 JS 确认框,要求用户延长会话。我认为如果您想继续使用 CSRF,这是您可以获得的最优雅的解决方案。
You can make a JS confirm box triggering upon the cookie expiring time, asking the user to extend his session. I think that's the most elegant solution you can get if you want to keep using the CSRF.
发生这种情况是因为您的 CSRF 令牌过期了,这是正确的过程,将 CSRF 令牌过期时间从 7200 秒增加到与您的需求更相关的时间(7200 / 60 / 60 = 2 小时)。
在这里详细了解 CSRF 为您所做的事情:
http://en.wikipedia.org/wiki/Cross-site_request_forgery
Well this happens because your CSRF token expires, its the proper process, increase the CSRF token expiry time from 7200 seconds to something more relevant to your needs (7200 / 60 / 60 = 2 hours).
Read up a bit more on what CSRF does for you here:
http://en.wikipedia.org/wiki/Cross-site_request_forgery