Yii Framework Forum

CSRF validation issues!


(dmarcos) #1

Hi, I am currently facing a weird issue with the CSRF token, and can’t find the cause.

On the post, I see a correct token, but the cookie value is something like:

'YII_CSRF_TOKEN' => 'c738198d3b6ebe873b0b55b01d3059affc98cc94s:40:\"5f99522748b2fc1704a73a335f0df9645a97c0c7\";'

I'm on v1.1

Any clue? idea??
Thanks in advance!!


(Alexander Makarov) #2

In the cookie it is signed and serialized so it doesn’t match 1:1. Do you have any issue with it as a user?
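
What "signed and serialized" means for the cookie values quoted in this thread, as an added example that is not part of the original posts and is not Yii's own code. It assumes the layout visible in those values (a 40-character hex HMAC-SHA1 followed by the PHP-serialized token) and uses a constructed key; `signCookie` and `readCookie` are hypothetical names.

```php
<?php
// Added illustration, not Yii's own code. Assumed layout (taken from the cookie
// values quoted in this thread): 40 hex chars of HMAC-SHA1, then serialize($value).

const HMAC_HEX_LEN = 40; // length of a hex-encoded SHA-1 HMAC

// Build a signed cookie value: HMAC prefix + serialized payload.
function signCookie(string $value, string $key): string
{
    $payload = serialize($value);            // has the form s:40:"<token>";
    return hash_hmac('sha1', $payload, $key) . $payload;
}

// Split a signed cookie, verify the HMAC, and return the original value.
// Returns null when the cookie is malformed or the signature does not match.
function readCookie(string $cookie, string $key): ?string
{
    if (strlen($cookie) <= HMAC_HEX_LEN) {
        return null;
    }
    $hmac    = substr($cookie, 0, HMAC_HEX_LEN);
    $payload = substr($cookie, HMAC_HEX_LEN);
    // Constant-time comparison avoids leaking how many characters matched.
    if (!hash_equals(hash_hmac('sha1', $payload, $key), $hmac)) {
        return null;
    }
    // Unserialize only after the signature check, and never instantiate objects.
    $value = unserialize($payload, ['allowed_classes' => false]);
    return is_string($value) ? $value : null;
}

$key   = 'constructed-validation-key';               // constructed sample key
$token = '5f99522748b2fc1704a73a335f0df9645a97c0c7'; // token from post #1

$cookie = signCookie($token, $key);
echo $cookie, "\n"; // raw cookie: HMAC followed by the serialized token

// The raw cookie string differs from the POSTed token; the verified value matches it.
var_dump($cookie === $token);
var_dump(hash_equals($token, (string) readCookie($cookie, $key)));

// Changing one character of the payload makes the HMAC check fail.
$tampered = substr($cookie, 0, -3) . 'f";';
var_dump(readCookie($tampered, $key));
```

A CSRF check has to compare the POSTed token with the value recovered after verification and unserialization, not with the raw cookie string.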


(dmarcos) #3

Hi Alexander, thanks for your reply.
I am not 100% sure what you meant, but the problem I am having is:

On the POST request, I see the token is correct:
422ff7051a817c3f333841cd4adfbde641be623ds

But the value on the cookie sometimes looks something like:
422ff7051a817c3f333841cd4adfbde641be623ds:40:"a2a26576e1c6d919d4861a5d256cd45a96eb3995";

So it looks like the getCsrfToken() is failing and I'm concatenating a 2nd token to the original one.

Since the feature is not fully working yet, I am not throwing the exception to users (‘The CSRF token could not be verified.’), and instead of that I am logging these situations to control internally…

Hope it is more clear now, and thanks for helping!!
I have been dealing with this issue for a couple of weeks without success.

Damian


(dmarcos) #4