Anyone have any idea how to fix this issue?
Thanks,
Mandar
On Thursday, 17 April 2014 15:27:26 UTC+1, Mandar P wrote:
Hi,
I'm using 2.5 to build a simple CRUD application with CSRF enabled.
When using PHP-based sessions everything works fine, but after changing to database sessions a CSRF black-hole occurs on edit form submission. Please note that the add form works absolutely fine irrespective of PHP/DB-based sessions.
Looking at the request and session data, I found that the SecurityComponent::_validateCsrf() method fails because the data passed in $controller->request->data('_Token.key') is not found in the data read from $this->Session->read('_Token').
I think:
1> either the session is not being updated correctly with the token key value when the form is created
or
2> the request data is tampered with before it reaches the security component
I suspect the problem is no. 1, as forms work correctly when PHP-based sessions are used.
I'm also using DebugKit and passwordHasher => Blowfish in the app controller.
Anyone have any ideas?
Thanks,
Mandar
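The check described in the post, as an added example that is not part of the original message and is not CakePHP's own code: a simplified plain-PHP model (PHP 7+) in which the session layout, class names and function names are assumptions. It contrasts a session store that keeps the token written at form render with one that loses the write, which is the poster's hypothesis no. 1, and returns a reason for each failing branch so the cause shows up in a log.

```php
<?php
// Added illustration, not CakePHP source. All names below are hypothetical,
// and the '_Token' => ['csrfTokens' => [key => expiry]] layout is an assumption.

interface SessionStore {
    public function read($key);
    public function write($key, $value);
}

// Working backend: a write made during one request is readable on the next.
class PersistingStore implements SessionStore {
    private $data = array();
    public function read($key) { return isset($this->data[$key]) ? $this->data[$key] : null; }
    public function write($key, $value) { $this->data[$key] = $value; }
}

// Models hypothesis no. 1: the token written at form render never reaches storage.
class DroppingStore extends PersistingStore {
    public function write($key, $value) { /* write is silently lost */ }
}

// Form render: issue a random token key and record its expiry in the session.
function issueToken(SessionStore $session, $ttl = 1800) {
    $key = bin2hex(random_bytes(20));
    $token = $session->read('_Token');
    if (!is_array($token)) {
        $token = array('csrfTokens' => array());
    }
    $token['csrfTokens'][$key] = time() + $ttl;
    $session->write('_Token', $token);
    return $key;
}

// Form submit: report which branch rejected the request instead of a bare false.
function validateCsrf(SessionStore $session, $requestKey) {
    $token = $session->read('_Token');
    if (empty($requestKey)) return 'missing request key';
    if (!isset($token['csrfTokens'][$requestKey])) return 'key not in session';
    if ($token['csrfTokens'][$requestKey] <= time()) return 'expired';
    return 'ok';
}

// Render a form, then submit it unmodified, against each backend.
foreach (array(new PersistingStore(), new DroppingStore()) as $store) {
    $key = issueToken($store);
    printf("%-16s %s\n", get_class($store), validateCsrf($store, $key));
}
```

The request key is identical in both runs, so a "key not in session" result with an untouched request points at the session write path rather than at request tampering.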