Codeigniter CSRF token problem

Problem description

I've made a simple signup/newsletter site, but I've got a weird problem. Some people get an error that says


An Error Was Encountered The action you have requested is not allowed.

I've already tried Google and found that people had the same problem when CSRF was set to true. However, it doesn't happen to everyone, just a small group of people. I'm using form_open and form_close and I can see the hidden field (token).

I'm using the latest version of Codeigniter 2.0.2

Here is my controller

    function __construct() {
        parent::__construct();
        session_start();
    }

    function index() {

        $this->load->model('beta_signup_model');

        $this->form_validation->set_rules('mail','e-mail','required|valid_email|xss_clean|callback__mail_check');

        // Check for errors
        if($this->form_validation->run() == FALSE) {

            // The system found a form validation error

        } else {

            // No errors found
            $_SESSION['mail_success'] = 1;
            $_SESSION['mail'] = $this->input->post('mail');

            redirect(base_url() . 'confirm');

        }

        ///// FILLS OUT INPUT FIELDS /////

        // Loads field_populator_helper
        $this->load->helper('field_populator_helper');

        // Defines input field names
        $input_names = array(
            'mail',
        );

        // Defines default values
        $default_values = array(
            'Skriv inn e-posten din..',
        );

        // Auto-populates fields with blur and focus
        $data['field_populator'] = populateFields($input_names, $default_values);

        $this->load->view('frontpage_view', $data);

    }


Recommended answer

I had the same problem: totally clean install of CI 2.1.0, on MAMP, and just following along the tutorial in the User Guide.

After a lot of searching and googling, I found that in 'application/config.php', the variable $config['cookie_prefix'] must always be set to empty, otherwise if CSRF protection is turned on, this error will occur.

It could be that there are other issues involved - i.e., session library, encryption or XSS protection, etc. - but just leaving the 'cookie_prefix' empty seems to have sorted it for me.

I hope this helps others.
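
A diagnostic sketch for the symptom discussed above, added here as an example; it is not part of the original post or of CodeIgniter's own code. It models a double-submit check (hidden form field compared against a cookie) and reports why a request would be rejected. The config key names match the CodeIgniter config items; the function name, the reason codes, and the behaviour of looking the cookie up without `cookie_prefix` are assumptions made to illustrate the answer's observation.

```php
<?php
// Added example: stand-alone model of a double-submit cookie check.
// diagnose_csrf() and its reason codes are hypothetical, not a CodeIgniter API.

/**
 * @param array $post    submitted form fields
 * @param array $cookies cookies the browser sent with the request
 * @param array $cfg     csrf_token_name, csrf_cookie_name, cookie_prefix
 * @return string 'ok' or a reason code
 */
function diagnose_csrf(array $post, array $cookies, array $cfg)
{
    $field    = $cfg['csrf_token_name'];
    $cookie   = $cfg['csrf_cookie_name'];
    $prefixed = $cfg['cookie_prefix'] . $cookie;

    if (!isset($post[$field]) || !is_string($post[$field])) {
        return 'missing_field';            // hidden token field absent from the POST
    }
    // Assumption: the check reads the cookie by its unprefixed name.
    if (!isset($cookies[$cookie])) {
        if ($cfg['cookie_prefix'] !== '' && isset($cookies[$prefixed])) {
            return 'cookie_name_mismatch'; // cookie exists, but only under the prefixed name
        }
        return 'missing_cookie';           // browser sent no token cookie at all
    }
    if (!is_string($cookies[$cookie]) || !hash_equals($cookies[$cookie], $post[$field])) {
        return 'token_mismatch';           // field and cookie values differ
    }
    return 'ok';
}

// Constructed sample requests (token value and prefix are made up).
$cfg = array(
    'csrf_token_name'  => 'csrf_test_name',
    'csrf_cookie_name' => 'csrf_cookie_name',
    'cookie_prefix'    => 'myapp_',
);
$token = 'a3f1c2d4e5';
$cases = array(
    'prefix set'      => array(array('csrf_test_name' => $token), array('myapp_csrf_cookie_name' => $token)),
    'cookies blocked' => array(array('csrf_test_name' => $token), array()),
    'values differ'   => array(array('csrf_test_name' => 'old'), array('csrf_cookie_name' => $token)),
    'healthy'         => array(array('csrf_test_name' => $token), array('csrf_cookie_name' => $token)),
);
foreach ($cases as $name => $c) {
    printf("%-16s %s\n", $name, diagnose_csrf($c[0], $c[1], $cfg));
}
```

Logging the reason code alongside the generic error page makes it possible to tell a configuration problem, which affects every visitor, from a per-browser one such as blocked cookies.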
