On 18.11.2010 17:03, Michael wrote:
> Since this
> https://github.com/fabpot/symfony/commit/a198bbcf43f2b2d4d671046f55f6e4f615829c73
> commit I keep getting an exception "The session must be started in
> order to generate a proper CSRF Token".
> Wouldn't it be better to just start the session instead of throwing an
> error? Or if I should start it, where is the best place to put it?

The thing is that CSRF protection, without session information, is
basically impossible. So you have two options. Either you turn off the
CSRF security on that form ($form->disableCsrfProtection()), or you
start the session before using the Form, with
$request->getSession()->start() or the like.

Cheers

-- 
Jordi Boggiano
@seldaek :: http://seld.be/
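
The reply's point that a CSRF token needs session information, shown as an added example in plain PHP (not Symfony's implementation and not code from this thread). The HMAC construction, the function names, the secret and the session ids are all hypothetical or constructed for the illustration.

```php
<?php
// Added illustration, not Symfony's code. All names and values are hypothetical/constructed.
const APP_SECRET = 'constructed-demo-secret';

// Token = HMAC over the form name and the caller's session id.
function csrfToken(string $sessionId, string $formName): string
{
    if ($sessionId === '') {
        // Same failure the thread discusses: no session, nothing to bind the token to.
        throw new RuntimeException(
            'The session must be started in order to generate a proper CSRF Token'
        );
    }
    return hash_hmac('sha256', $formName . '|' . $sessionId, APP_SECRET);
}

// Recompute the token for the current session and compare in constant time.
function isValidCsrfToken(string $sessionId, string $formName, string $submitted): bool
{
    if ($sessionId === '') {
        return false;
    }
    return hash_equals(csrfToken($sessionId, $formName), $submitted);
}

// What a token looks like when no session value goes into it.
function sessionlessToken(string $formName): string
{
    return hash_hmac('sha256', $formName, APP_SECRET);
}

// Constructed session ids standing in for two different browsers.
$alice = bin2hex(random_bytes(16));
$other = bin2hex(random_bytes(16));

$tokenForOther = csrfToken($other, 'contact');

var_dump(isValidCsrfToken($other, 'contact', $tokenForOther)); // token checked in its own session
var_dump(isValidCsrfToken($alice, 'contact', $tokenForOther)); // token checked in a different session
var_dump(sessionlessToken('contact') === sessionlessToken('contact')); // compared across visitors
```

A token checked against a different session id is rejected, while a token computed without any session value is the same string for every visitor, so the server cannot use it to tell a user's own form submission from a forged one.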
