Codeigniter CSRF – how does it work

by

The CSRF token is added to the form as a hidden input only when the form_open() function is used.

A cookie with the CSRF token’s value is created by the Security class, and regenerated if necessary for each request.

If $_POST data exists, the cookie is automatically validated by the Input class. If the posted token does not match the cookie’s value, CI will show an error and fail to process the $_POST data.

So basically, it’s all automatic – all you have to do is enable it in your $config['csrf_protection'] and use the form_open() function for your form.

A good article I found that explains it very well: https://beheist.com/blog/csrf-protection-in-codeigniter-2-0-a-closer-look.html

More Related Contents:

  1. Generating cryptographically secure tokens
  2. best practice to generate random token for forgot password
  3. CodeIgniter – why use xss_clean
  4. Why do I get this error on first load of website?
  5. Parse error: parse error, expecting `'{” in [closed]
  6. CodeIgniter removing index.php from url
  7. What are the best practices for avoiding xss attacks in a PHP site [closed]
  8. “Keep Me Logged In” – the best approach
  9. How safe are PHP session variables?
  10. Generating a random password in php
  11. Remove index.php From URL – Codeigniter 2
  12. Why is using a mysql prepared statement more secure than using the common escape functions?
  13. Header and footer in CodeIgniter
  14. How to create a laravel hashed password
  15. Do login forms need tokens against CSRF attacks?
  16. CodeIgniter PHP Framework – Need to get query string
  17. SSL operation failed with code 1: dh key too small
  18. How to add an ORDER BY clause using CodeIgniter’s Active Record methods?
  19. How can I Use Prepared Statements in CodeIgniter
  20. Retrieve JSON POST data in CodeIgniter
  21. How to create Codeigniter language files from database?
  22. Codeigniter multiple file upload messes file extension
  23. How to select rows where column value IS NOT NULL using CodeIgniter’s ActiveRecord?
  24. codeigniter check for user session in every controller
  25. Codeigniter CSRF valid for only one time ajax request
  26. How to make CodeIgniter accept “query string” URLs?
  27. How to stop GD2 from washing away the colors upon resizing images?
  28. Unique key generation
  29. How can I have CodeIgniter load specific pages using SSL?
  30. Is it possible to execute PHP with extension file.php.jpg?

Leave a Comment