Stig Manning wrote:
> I have run into this problem also, basically the only way I managed to
> fix this was to remove CSRF protection for the login form.
> I believe it is to do with how the global CSRF token is created, it is
> using the session_id which is being reset by symfony. I would like to
> know if anyone knows how to fix this.
>
>
Hi Grégoire,
I have revisited this problem and the solution is very simple. Basically
the problem is that you are processing the form submission as a login
attempt, due to the login function executing because of the forward.
The solution is to add a test to see if the post *doesn't* contain the login
data. See below:

    $this->login_form = new LoginForm;

    // User is posting from another form (possibly due to session timeout), ignore this post
    if ($request->isMethod('post') && !$request->hasParameter('login'))
    {
      return;
    }

    if ($request->isMethod('post'))
    {
      $this->login_form->bind($request->getParameter('login'));
      if ($this->login_form->isValid())
      {
        $this->redirect('@account-index');
      }
    }

Hope this helps!
Cheers,
Stig