csrf_token question

Jamie Whittingham

Active Member
Im writing a plugin for handling login's from third party platforms.

How are you generating your csrf_token
? is it static for each Mw install and doesnt change?

Or does it get generated each time a different browser reachs you login point?

thanks
 

twisted1919

Administrator
Staff member
The csrf tokens change with each request. If you want to send post from another source, the only way is to disable the csrf toke, which i don't advise.
 

frm.mwz

Well-Known Member
The csrf tokens change with each request. If you want to send post from another source, the only way is to disable the csrf toke, which i don't advise.
Does this relate to logging in for different users in separate tabs or is there a solution for it?
 

twisted1919

Administrator
Staff member
In apps/common/config/main-custom.php you have:
Code:
...
'components' => array(
    'db' => array(
    ...
    ),

    // add this:
    'request' => array(
        'enableCsrfValidation'    => false,
    ),
    // end addition
)
...
 
Top