Stig Manning wrote:
> I have run into this problem also, basically the only way I managed to
> fix this was to remove CSRF protection for the login form.
> I believe it is to do with how the global CSRF token is created, it is
> using the session_id which is being reset by symfony. I would like to
> know if anyone knows how to fix this.

Hi Grégoire,

I have revisited this problem and the solution is very simple. Basically the problem is that you are processing the form submission as a login attempt, due to the login function executing because of the forward. The solution is to add a test to see if the post *doesn't* contain the login data. See below:

    $this->login_form = new LoginForm();

    // User is posting from another form (possibly due to session timeout), ignore this post
    if ($request->isMethod('post') && !$request->hasParameter('login'))
    {
      return;
    }

    // A real login submission: bind the posted data and validate it
    if ($request->isMethod('post'))
    {
      $this->login_form->bind($request->getParameter('login'));
      if ($this->login_form->isValid())
      {
        $this->redirect('@account-index');
      }
    }

Hope this helps!

Cheers,
Stig

You received this message because you are subscribed to the Google Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en
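
Added example, not part of the original message and not symfony code: a framework-free PHP stand-in for the login action, run over four constructed requests, showing that the guard only skips POSTs that carry no `login` data while a login POST with a wrong token is still rejected. The function names, the secret, the session id and the HMAC token scheme are assumptions made for illustration.

```php
<?php
// Stand-in for the login action discussed above; none of this is symfony code.
// Assumption: the form's CSRF token is derived from the current session id.
function csrfToken(string $sessionId): string
{
    return hash_hmac('sha256', $sessionId, 'constructed-app-secret');
}

// Returns what the login page would do for one request.
// Credential checking is left out; only the CSRF part of validation is modelled.
function handleLogin(string $method, array $post, string $sessionId, bool $guard): string
{
    // The guard from the message: a POST without 'login' data arrived from
    // another form via the forward, so render a clean login form.
    if ($guard && $method === 'POST' && !array_key_exists('login', $post)) {
        return 'render empty form';
    }
    if ($method === 'POST') {
        $login = $post['login'] ?? [];           // no 'login' key: empty data is bound
        $token = (string) ($login['_csrf_token'] ?? '');
        if (!hash_equals(csrfToken($sessionId), $token)) {
            return 'render form with CSRF error';
        }
        return 'redirect @account-index';
    }
    return 'render empty form';
}

// Constructed requests, all evaluated against the same (post-timeout) session id.
$sid = 'constructed-session-id';
$cases = [
    'GET login page'              => ['GET',  []],
    'forwarded POST (other form)' => ['POST', ['comment' => ['body' => 'hi']]],
    'login POST, valid token'     => ['POST', ['login' => ['_csrf_token' => csrfToken($sid)]]],
    'login POST, wrong token'     => ['POST', ['login' => ['_csrf_token' => 'wrong']]],
];

foreach ($cases as $name => [$method, $post]) {
    printf("%-28s | unguarded: %-27s | guarded: %s\n", $name,
        handleLogin($method, $post, $sid, false),
        handleLogin($method, $post, $sid, true));
}
```

Only the forwarded POST changes outcome between the two columns; the login form keeps its CSRF check in both.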