I just checked locally on a new copy of CakePHP 2.5.0, and wasn't able to reproduce the issue.
-- I used a baked MVC, SecurityComponent and set 'defaults' => 'database' in core.php for the session setup.
-Mark
On Friday, 18 April 2014 18:09:23 UTC-4, Mandar P wrote:
Anyone have any idea how to fix this issue?
Thanks,
Mandar
On Thursday, 17 April 2014 15:27:26 UTC+1, Mandar P wrote:
Hi,
I'm using 2.5 to build a simple CRUD application with CSRF enabled.
When using PHP-based sessions everything works fine, but on changing to database sessions a CSRF black-hole occurs on edit form submission. Please note that the add form works absolutely fine irrespective of PHP/DB-based sessions.
Looking at the request and session data, I found that the SecurityComponent::_validateCsrf() method fails because the data passed in $controller->request->data('_Token.key') is not found in the data read from $this->Session->read('_Token').
I think:
1> either session is not being updated correctly with token key value when form is created
or
2> request data is tampered before it reaches security component
I suspect problem is no.1 as forms work correctly when php based sessions are used.
I'm also using DebugKit and passwordHasher => Blowfish in the app controller.
Anyone have any ideas?
Thanks,
Mandar