Codeigniter CSRF - how does it work Codeigniter CSRF - how does it work php php

Codeigniter CSRF - how does it work


php security codeigniter token

The CSRF token is added to the form as a hidden input only when the form_open() function is used.

A cookie with the CSRF token's value is created by the Security class, and regenerated if necessary for each request.

If $_POST data exists, the cookie is automatically validated by the Input class. If the posted token does not match the cookie's value, CI will show an error and fail to process the $_POST data.

So basically, it's all automatic - all you have to do is enable it in your $config['csrf_protection'] and use the form_open() function for your form.

A good article I found that explains it very well: https://beheist.com/blog/csrf-protection-in-codeigniter-2-0-a-closer-look.html

php security codeigniter token

Refer this Link -- Used CSRF Tokens using form helper or Manually

The article explains how to work around with CSRF Tokens in

  • form open with form helper form_open() function
  • in ajax forms
  • ajax/jquery serialization forms

This article also explains about how to "Disable CSRF for cetain URL's(Which are used as webservice urls)"

php security codeigniter token

When csrf protection enabled security class checks this token automatically (it compares POST token with COOKIE token)

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last