csrf_token question

Jamie Whittingham

Active Member
Im writing a plugin for handling login's from third party platforms.

How are you generating your csrf_token
? is it static for each Mw install and doesnt change?

Or does it get generated each time a different browser reachs you login point?

thanks
 
The csrf tokens change with each request. If you want to send post from another source, the only way is to disable the csrf toke, which i don't advise.
 
The csrf tokens change with each request. If you want to send post from another source, the only way is to disable the csrf toke, which i don't advise.
Does this relate to logging in for different users in separate tabs or is there a solution for it?
 
In apps/common/config/main-custom.php you have:
Code:
...
'components' => array(
    'db' => array(
    ...
    ),

    // add this:
    'request' => array(
        'enableCsrfValidation'    => false,
    ),
    // end addition
)
...
 
Back
Top