$config['csrf_protection'] = TRUE;
I am using Ion Auth.
When A user is logged in, walks away and the session expires if they try to submit the form they get “The action you have requested is not allowed.” this error for obvious reasons. but I don’t want to happen till after they user is checked for being logged in.
So how can I make the logged in check fire before thecsrf form protection?
This must be an issue/problem someone has also been faced with?