CI 2.0.0 CSRF Question / Forums / Community / EllisLab

Forum Logo

CI 2.0.0 CSRF Question

ci_the_best

Posted: 29 January 2011 09:37 AM

[ Ignore ]

Joined: 2010-01-29
46 posts

Hello!

How I should configure “csrf_token_name” and “csrf_cookie_name” for a live site?

Can somebody help me? Please!

Thank you!

Eric Barnes

Posted: 30 January 2011 01:22 AM

[ Ignore ] [ # 1 ] [ Rating: 0 ]

Joined: 2006-12-04
515 posts

You can leave them as is if you want. I pulled these out of the security library and moved it into config just so you have the option to name it differently.

Signature

————————
Eric Barnes | Twitter
————————

ci_the_best

Posted: 30 January 2011 06:24 AM

[ Ignore ] [ # 2 ] [ Rating: 0 ]

Joined: 2010-01-29
46 posts

Ok . Thank you!

system68

Posted: 31 January 2011 05:49 AM

[ Ignore ] [ # 3 ] [ Rating: 0 ]

Joined: 2011-01-31
1 posts

Does CSRF handle the encoding issue highlighted here in which Mike Duncan suggests to use urlencode() as a precaution?

ponderwell.net/2010/08/codeigniter-xss-protection-is-good-but-not-enough-by-itself/