I figured out the problem: the key set in the form is not the same as the one in the Session.Somehow the latter one get's generated again somewhere. I have added some logging throughout the system and this is wat happens: 2007-10-19 10:16:36 Error: Dispatcher::start(Forumposts) 2007-10-19 10:16:36 Error: SecurityComponent::startup(Forumposts) 2007-10-19 10:16:36 Error: Generate Token (Forumposts): 9771489b68d380e904f0ca0033f84be7488cc315 2007-10-19 10:16:36 Error: Dispatcher::start(App) 2007-10-19 10:16:36 Error: SecurityComponent::startup(App) 2007-10-19 10:16:36 Error: Generate Token (App): 21ee75781b5616b1d2b5da03d372291e43e66cb1
So, generateToken get's called twice. The first time is the key which is written to the form, the second time it overwrites the key is the Session and after submitting the form, the keys don't match anymore. After digging further and further, I finally discovered my fault: in my layout I was calling an not-existing javascriptfile, which caused an error for non-existing JsController. The ErrorHandler then creates a new AppController, which causes the token to be overwritten. This also means that it is not possible to have two separate forms open in the same session, the last one opened will overwrite the key form the first one, which will cause an error when that is submitted. This may be a nice addition for the SecurityComponent? Anyway, I hope this helps anyone who is having the same problems :) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
