Codeigniter CSRF token problem

It may help to change your 'sess_cookie_name' in config.php to ensure that it has no spaces or underscores.

$config['sess_cookie_name'] = 'mycookiename';

I had the same problem: totally clean instal of CI 2.1.0, on MAMP, and just following along the tutorial in the User Guide.

After a lot of searching and googling, I found that in 'application/config.php', the variable $config['cookie_prefix'] must always be set to empty, otherwise if CSRF protection is turned on, this error will occur.

It could be that there are other issues involved - ie., session library, encryption or XSS protection, etc. - but just leaving the 'cookie_prefix' empty seems to have sorted it for me.

I hope this helps others.

CSRF is valid when token from the hidden field is matching token from the cookie. Check four things:

1. Don't use native php sessions (session_start etc). Switch to Session class in CI. http://codeigniter.com/user_guide/libraries/sessions.html

2. Check cookie config in /application/config/config.php

3. Check value of token in your form, is it different every page refresh?

4. Maybe try to download current version of CI from https://bitbucket.org/ellislab/codeigniter-reactor/downloads