Hi,

In the action processForm, I have:

    if ($form->isValid())
    {
      ...
    }
    else
    {
      $this->getUser()->removeCredential("XXXX");
    }

Since removeCredential calls $this->storage->regenerate(false); (and
then session_regenerate_id), the "csrf token" is no longer valid, and
the next time the form is called it throws "csrf token: CSRF attack detected".

Am I wrong?

(If I comment out $this->storage->regenerate(false);, everything goes
fine.)

Symfony 1.3
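
A simplified model of the sequence described above, added here as an example; it is not part of the original post and not symfony's code. It assumes the CSRF token is derived from a secret, the current session id and the form class at the moment the form object is constructed; FakeSession, ModelForm and the secret value are hypothetical.

```php
<?php
// Simplified model, not symfony source. Assumption: the form token is a hash
// of a secret, the current session id and the form class, computed once when
// the form object is constructed.

final class FakeSession                  // hypothetical stand-in for the session storage
{
    public $id;
    public function __construct() { $this->id = bin2hex(random_bytes(16)); }
    public function regenerate()  { $this->id = bin2hex(random_bytes(16)); }
}

final class ModelForm                    // hypothetical stand-in for a form class
{
    private $token;
    public function __construct(FakeSession $s, $secret = 'constructed-secret')
    {
        $this->token = hash('sha256', $secret . $s->id . __CLASS__);
    }
    public function renderToken()           { return $this->token; }
    public function isValidToken($submitted) { return hash_equals($this->token, $submitted); }
}

function report($label, $ok) { printf("%-45s %s\n", $label, $ok ? 'accepted' : 'rejected'); }

$session = new FakeSession();

// Request 1 (GET): the page embeds a token bound to the current session id.
$embedded = (new ModelForm($session))->renderToken();

// Request 2 (POST): the token is checked against the same session id, but a
// field fails validation. The else branch changes the session id AFTER $form
// was built, so the form that gets re-rendered still carries the old token.
$form = new ModelForm($session);
report('request 2, token from request 1:', $form->isValidToken($embedded));
$session->regenerate();                  // effect of removeCredential() in the post
$stale = $form->renderToken();

// Request 3 (POST): a new form object derives its token from the new id and
// compares it with the stale one that the re-rendered page sent back.
report('request 3, token re-rendered in request 2:', (new ModelForm($session))->isValidToken($stale));

// In this model, a form object built after the id change renders a token
// that the following request can verify.
$fresh = (new ModelForm($session))->renderToken();
report('request 3, token from a rebuilt form:', (new ModelForm($session))->isValidToken($fresh));
```
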