One more ticket that may be related... http://trac.symfony-project.org/ticket/3932
On Jul 21, 3:13 pm, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
> See also this, with a possible
> patch: http://trac.symfony-project.org/ticket/3857
>
> Michael
>
> On 22 Jul., 00:10, Ian <[EMAIL PROTECTED]> wrote:
>
> > This ticket may be the issue: http://trac.symfony-project.org/ticket/4000
>
> > I do clear and re-add all credentials at the start of every page
> > request so it's a good chance that it's regenerating the session every
> > single time, causing the error.
>
> > On Jul 21, 4:03 pm, Ian <[EMAIL PROTECTED]> wrote:
>
> > > Ok well I figured out what's going on.
>
> > > Consider this method of sfForm:
>
> > > public function getCSRFToken($secret)
> > > {
> > >   return md5($secret.session_id().get_class($this));
> > > }
>
> > > session_id() is generating a random ID on every page request... So if
> > > you submit a form, it generates a new session_id(), causing the md5 to
> > > be different and thus always failing the check from the bound
> > > _csrf_token. I'm using sfPDOSessionStorage for sessions, so maybe a
> > > recent change affected this. I'll do some more digging, but before I
> > > open a ticket, has anyone else run into this issue?
>
> > > On Jul 21, 11:49 am, Ian Ricketson <[EMAIL PROTECTED]> wrote:
>
> > > > Any reason why upgrading from 1.0 to 1.1 would cause all my forms to
> > > > report CSRF errors like:
> > > > csrf token: CSRF attack detected.
> > > > Worked before, but I dunno what changed. Any ideas?
> > > > --Ian
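
The failure described in the thread, as an added example that is not part of the original messages or of symfony's code: a token derived from the session ID stops validating once the ID changes between rendering and submitting the form, while a token kept in the session data does not. The secret, form class name, session IDs and the `tokenFromSessionData()` / `roundTrip()` helpers are hypothetical, and the session-data token is an assumption shown for contrast, not the fix adopted in the linked tickets.

```php
<?php
// Added illustration, not symfony code. Secret, class name and session IDs are constructed.

// Same shape as the getCSRFToken() quoted in the thread: the token is a
// function of the current session ID (md5 kept only to mirror that method).
function tokenFromSessionId(string $secret, string $sessionId, string $formClass): string
{
    return md5($secret . $sessionId . $formClass);
}

// Hypothetical alternative: a random token stored in the session *data*,
// so it is carried along when the session ID itself is regenerated.
function tokenFromSessionData(array &$sessionData): string
{
    if (!isset($sessionData['csrf_token'])) {
        $sessionData['csrf_token'] = bin2hex(random_bytes(16));
    }
    return $sessionData['csrf_token'];
}

// Render a form under $sidAtRender, then validate the submitted hidden
// fields under $sidAtSubmit. Session data persists across both requests.
function roundTrip(string $sidAtRender, string $sidAtSubmit): array
{
    $secret = 'constructed-secret';
    $formClass = 'ContactForm';
    $sessionData = [];

    $submittedIdBound = tokenFromSessionId($secret, $sidAtRender, $formClass);
    $submittedDataBound = tokenFromSessionData($sessionData);

    return [
        'id_bound_valid' => hash_equals(
            tokenFromSessionId($secret, $sidAtSubmit, $formClass), $submittedIdBound),
        'data_bound_valid' => hash_equals(
            tokenFromSessionData($sessionData), $submittedDataBound),
    ];
}

echo "stable session ID:      ";
var_export(roundTrip('sid-aaaa', 'sid-aaaa'));
echo "\nregenerated session ID: ";
var_export(roundTrip('sid-aaaa', 'sid-bbbb'));
echo "\n";
```

The script runs from the PHP command line and starts no real session; the two `roundTrip()` calls differ only in whether the session ID changes between the render and submit steps.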
