I can't seem to find the article but I am fairly certain I have read the requireAuth is pretty much dependent on requirePost. I believe even if they work separately, you lose all benefits without requirePost. I apologize because I cannot remember why or where I read this, so hopefully someone with more knowledge will be able to add to this.
On Mon, Nov 23, 2009 at 7:02 AM, dhruv <[email protected]> wrote: > I read this... > > "The authentication key is regenerated every time a form is evaluated > with requireAuth. This means that if a user submits a form with a key > that has already been used, the form submission will be considered > invalid. There are several cases in which this could occur, including > but not limited to using multiple browser windows, using the Back > button to return to a previous page, browser caching, proxy caching, > and more. While you may be tempted to write off these problems as user > error, you should resist the temptation and plan on handling invalid > form submissions gracefully." > > ... at > http://www.ibm.com/developerworks/opensource/library/os-php-cake3/index.html > > I am having no luck in getting this behavior to work. My forms > continue to submit and work with the same tokens. Wondering if anybody > could help here. > > I am using CakePHP 1.2 and so was the author of that article. My only > change is that I am not using the requirePost method since the form > submits to itself. So, the GET method for loading the form for the > first time stops working if I requirePost it. > > I have checked that my tokens remain the same using Firebug. They have > no good reason to change since I had pressed the Back button to reach > the form again. The form submits successfully everytime I press Back > and Submit it. This is the problem. I thought the same Token number > was not usable again. Anyway, I am looking for a solution to solve the > Back and Submit problem. > > I have also tried other browsers, besides Firefox 3.5 . > > -- > > You received this message because you are subscribed to the Google Groups > "CakePHP" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<cake-php%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/cake-php?hl=. > > > -- You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/cake-php?hl=.
