Hi, I am currently facing a weird issue with the CSRF token, and can’t find the cause.
On the post, I see a correct token, but the cookie value is something like:
'YII_CSRF_TOKEN' => 'c738198d3b6ebe873b0b55b01d3059affc98cc94s:40:\"5f99522748b2fc1704a73a335f0df9645a97c0c7\";'
Im on v1.1
Any clue? idea??
Thanks in advance!!
In the cookie it is signed and serialized so it doesn’t match 1:1. Do you have any issue with it as a user?
Hi Alexander, thanks for your reply.
I am not 100% sure what you meant, but the problem i am having is:
On the POST request, I see the token is correct:
422ff7051a817c3f333841cd4adfbde641be623ds
But the value on the cookie, some times looks something like:
422ff7051a817c3f333841cd4adfbde641be623ds:40:“a2a26576e1c6d919d4861a5d256cd45a96eb3995”;
So it looks like the getCsrfToken() is failing and im concatenating a 2nd token to the original one.
Since the feature is not fully working yet, I am not throwing the exception to users (‘The CSRF token could not be verified.’), and instead of that I am logging this situations to control internally…
Hope it is more clear now, and thanks for helping!!
I have been dealing with this issue for couple weeks without success.
Damian
