Use something other than the session_id to generate the CSRF token,
maybe?
Or increase the session timeout ;)
What about functional tests with captcha?
On Aug 6, 7:57 am, mlu...@gmail.com mlu...@gmail.com wrote:
Don't you really have an opinion about this?
I'm sure you have ;-)
On 4 Aug.,
For functional tests I turn off captcha in general.
I do test them manually.
Isn't the way the token is generated implemented in the symfony
framework?
I don't want to make any changes in the framework, because it leads to
problems when updating the framework.
Can I control this part?
On 6
If you want to override the way CSRF token is created in a clean
manner, you can override the getCsrfToken method in your BaseForm
class.
    protected function getCsrfToken()
    {
        // or whatever else you want
        return md5($this->csrfSecret.session_id().get_class($this));
    }
The
Thx!
Yes, this helps :-)
regards,
michael
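
The first reply's suggestion (derive the token from something other than session_id) applied to the getCsrfToken idea above, as an added example that is not part of the thread and not symfony code: the token is an HMAC over a per-browser cookie value and the form class, so it stays valid when the session id changes. The function names, the csrf_bind cookie and the demo values are assumptions, and PHP 7 or later is assumed.

```php
<?php
// Added example, not symfony code: function and cookie names are hypothetical.

// Return a stable per-browser identifier kept in its own cookie, so the token
// does not change when the PHP session id expires or is regenerated.
function csrf_binding_id(array &$cookies): string
{
    if (!isset($cookies['csrf_bind'])
        || !is_string($cookies['csrf_bind'])
        || !preg_match('/^[0-9a-f]{32}$/', $cookies['csrf_bind'])) {
        $cookies['csrf_bind'] = bin2hex(random_bytes(16));
        // In a real request the value would also be sent with setcookie(),
        // using the httponly, secure and samesite options.
    }
    return $cookies['csrf_bind'];
}

// Keyed hash over the binding id and the form class; the secret stays on the server.
function csrf_token(string $secret, string $bindingId, string $formClass): string
{
    return hash_hmac('sha256', $bindingId . '|' . $formClass, $secret);
}

// Compare the submitted token with the expected one in constant time.
function csrf_check(string $secret, string $bindingId, string $formClass, $submitted): bool
{
    return is_string($submitted)
        && hash_equals(csrf_token($secret, $bindingId, $formClass), $submitted);
}

// Constructed demo values.
$secret  = 'constructed-demo-secret';
$cookies = [];                 // stands in for $_COOKIE
$token   = csrf_token($secret, csrf_binding_id($cookies), 'ContactForm');

// The session id plays no part, so a session timeout does not invalidate the token.
var_dump(csrf_check($secret, csrf_binding_id($cookies), 'ContactForm', $token)); // same browser, same form
var_dump(csrf_check($secret, csrf_binding_id($cookies), 'LoginForm', $token));   // same browser, other form

$otherBrowser = [];            // a browser without the cookie gets a fresh binding id
var_dump(csrf_check($secret, csrf_binding_id($otherBrowser), 'ContactForm', $token));
```

A token bound only to a cookie no longer proves which logged-in user it was issued to; where a user id is available, include it in the HMAC input as well.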
On 6 Aug., 13:24, Florian sideral.undergro...@gmail.com wrote:
If you want to override the way CSRF token is created in a clean
manner, you can override the getCsrfToken method in your BaseForm
class.
protected function getCsrfToken()
{
Don't you really have an opinion about this?
I'm sure you have ;-)
On 4 Aug., 16:44, mlu...@gmail.com mlu...@gmail.com wrote:
Hi!
I want to show you my attempt at a security/form strategy and want to
know what you think about it.
*The problem:*
If I read the source correctly the