Anyone have any idea how to fix this issue?

Thanks,
Mandar

On Thursday, 17 April 2014 15:27:26 UTC+1, Mandar P wrote:
>
> Hi,
>
> I'm using 2.5 to build simple crud application with csrf enabled.
>
> When using php based sessions everything works fine but changing it to
> database sessions csrf black-hole occurs on edit form submission. Please
> note that add form works absolutely fine irrespective of php/db based
> session.
>
> Looking at request and session data I found that
> SecurityComponent::_validateCsrf() method fails as data passed in
> $controller->request->data('_Token.key') is not found in data read from
> $this->Session->read('_Token')
>
> I think:
>
> 1> either session is not being updated correctly with token key value when
> form is created
>
> or
>
> 2> request data is tampered before it reaches security component
>
> I suspect problem is no.1 as forms work correctly when php based sessions
> are used.
>
> I'm also using debugkit and passwordHasher => Blowfish in app controller
>
> Anyone have any ideas?
>
> Thanks,
> Mandar