This ticket may be the issue:
http://trac.symfony-project.org/ticket/4000
I do clear and re-add all credentials at the start of every page
request so its a good chance that its regenerating the session every
single time, causing the error.
On Jul 21, 4:03 pm, Ian <[EMAIL PROTECTED]> wrote:
> Ok well I figured out whats going on.
>
> Consider this method of sfForm:
>
> public function getCSRFToken($secret)
> {
> return md5($secret.session_id().get_class($this));
> }
>
> session_id() is generating a random ID on every page request... So if
> you submit a form, it generates a new session_id(), causing the md5 to
> be different and thus always failing the check from the bound
> _csrf_token. I'm using sfPDOSessionStorage for sessions, so maybe a
> recent change affected this. I'll do some more digging, but before I
> open a ticket, has anyone else run into this issue?
>
> On Jul 21, 11:49 am, Ian Ricketson <[EMAIL PROTECTED]> wrote:
>
>
>
> > Any reason why upgrading from 1.0 to 1.1 would cause all my forms to report
> > CSRF errors like:
> > csrf token: CSRF attack detected.
> > Worked before, but I dunno what changed. Any ideas?--Ian
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"symfony developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/symfony-devs?hl=en
-~----------~----~----~----~------~----~------~--~---
