CSRF Validation

Hello everyone.

I'm trying to get CSRF working on my web application, but it only seems to work when using Firefox.

In my config, I have:

	'request' => array(
		'class' => 'CHttpRequest',
		'enableCookieValidation' => true,
		'enableCsrfValidation' => !isset($_POST['dontvalidate']) ? true : false,
		'csrfCookie' => array( 'domain' => '.' . $current_domain ),
	),


When I run my application, it only creates the YII_CSRF_TOKEN cookie when using Firefox as browser. If I try to submit a login form in Chrome or IE, it simply says:

               "The CSRF token could not be verified."

Anyone who knows what I am missing?

Please give me a clue ;)




Try something else than that.

Yep, it’s localhost. Why shouldn’t it be possible to create the CSRF-cookie-token localhost?

I will try something else.

IE and Chrome do not accept cookies from localhost.

Try setting up a virtual host:


Of course :)

Thank you very much for helping me!
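
An added example, not code from the thread or from Yii: one way to keep the `'.' . $current_domain` setting from the question while leaving the Domain attribute off when the site is served from localhost, an IP address or another single-label host, so the CSRF cookie is set host-only there. The helper name `csrfCookieDomain()` and the use of `$_SERVER['HTTP_HOST']` as the source of `$current_domain` are assumptions.

```php
<?php
// Added example. csrfCookieDomain() is a hypothetical helper, not part of Yii.

/**
 * Return a value for the cookie Domain attribute, or null to leave it unset.
 * With no Domain attribute the browser stores a host-only cookie, which also
 * works for localhost and IP-based development hosts.
 */
function csrfCookieDomain($host)
{
    $host = strtolower(trim((string) $host));
    if ($host === '' || $host[0] === '[') {
        return null;                              // empty or bracketed IPv6 literal
    }
    $host = rtrim(preg_replace('/:\d+$/', '', $host), '.');   // drop port and trailing dot
    if ($host === '' || filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return null;                              // IP address: no Domain attribute
    }
    if (strpos($host, '.') === false) {
        return null;                              // single label such as "localhost"
    }
    if (!preg_match('/^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/', $host)) {
        return null;                              // malformed Host header: do not trust it
    }
    return '.' . $host;
}

// Assumption: $current_domain comes from the request's Host header.
$current_domain = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'localhost';
$domain = csrfCookieDomain($current_domain);

// The 'request' component from the question, with the domain set only when usable.
$requestComponent = array(
    'class' => 'CHttpRequest',
    'enableCookieValidation' => true,
    'enableCsrfValidation' => true,
    'csrfCookie' => $domain === null ? array() : array('domain' => $domain),
);

// Constructed sample hosts showing the decision for each case.
foreach (array('localhost', 'localhost:8080', '127.0.0.1', 'myapp.local', 'www.example.com') as $h) {
    printf("%-18s => %s\n", $h, var_export(csrfCookieDomain($h), true));
}
```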