EllisLab text mark
Advanced Search
     
CI 2.0.0 CSRF Question
Posted: 29 January 2011 08:37 AM
Joined: 2010-01-29
54 posts

Hello!

How I should configure “csrf_token_name” and “csrf_cookie_name” for a live site?

Can somebody help me? Please!

Thank you!

 
Posted: 30 January 2011 12:22 AM   [ # 1 ]   [ Rating: 0 ]
Avatar
Joined: 2006-12-04
515 posts

You can leave them as is if you want. I pulled these out of the security library and moved it into config just so you have the option to name it differently.

 Signature 

————————
Eric Barnes | Twitter
————————

 
Posted: 30 January 2011 05:24 AM   [ # 2 ]   [ Rating: 0 ]
Joined: 2010-01-29
54 posts

Ok smile. Thank you!

 
Posted: 31 January 2011 04:49 AM   [ # 3 ]   [ Rating: 0 ]
Joined: 2011-01-31
1 posts

Does CSRF handle the encoding issue highlighted here in which Mike Duncan suggests to use urlencode() as a precaution?

ponderwell.net/2010/08/codeigniter-xss-protection-is-good-but-not-enough-by-itself/