I Am using开发者_如何学Python CI 2. I have enabled CSRF protection in the config file:
$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'sitename';
$config['csrf_cookie_name'] = 'sitename';
$config['csrf_expire'] = 7200;
I am using Codeigniter forms only. Sometimes I get the error “you are not authorized to perform this action” wile submitting forms or login.
If I refresh and try again then every thing works fine. Why is this happening?
You can make a JS confirm box triggering upon the cookie expiring time, asking the user to extend his session. I think that's the most elegant solution you can get if you want to keep using the CSRF.
Well this happens because your CSRF token expires, its the proper process, increase the CSRF token expiry time from 7200 seconds to something more relevant to your needs (7200 / 60 / 60 = 2 hours).
Read up a bit more on what CSRF does for you here:
http://en.wikipedia.org/wiki/Cross-site_request_forgery
This happens because of token expiry. You can simply extend the core security class and refresh the page automatically.
Check the solution here
精彩评论