Any one have any idea how to fix this issue ?
Thanks,
Mandar
On Thursday, 17 April 2014 15:27:26 UTC+1, Mandar P wrote:
>
> Hi,
>
> Im using 2.5 to build simple crud application with csrf enabled.
>
> When using php based sessions everything works fine but changing it to
> database sessions csrf black-hole occurs on edit form submission. Please
> note that add form works absolutely fine irrespective of php/db based
> session.
>
> Looking at request and session data i found that
> SecurityComponent::_validateCsrf() method fails as data passed in
> $controller->request->data('_Token.key') is not found in data read from
> $this->Session->read('_Token')
>
> I think :
>
> 1> either session is not being updated correctly with token key value when
> form is created
>
> or
>
> 2> request data is tampered before it reaches security component
>
> I suspect problem is no.1 as forms work correctly when php based sessions
> are used.
>
> Im also using debugkit and passwordHasher => Blowfish in app controller
>
> Any one have any ideas?
>
> Thanks,
> Mandar
>
>
--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP
---
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cake-php+unsubscr...@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php.
For more options, visit https://groups.google.com/d/optout.
