Hello everyone.
Im trying to get CSRF working on my web application, but it only seems to work when using Firefox.
In my config, i have:
'request' => array(
'class' => 'CHttpRequest',
'enableCookieValidation' => true,
'enableCsrfValidation' => !isset($_POST['dontvalidate']) ? true : false,
'csrfCookie' => array( 'domain' => '.' . $current_domain )
),
When i run my application, it only creates the YII_CSRF_TOKEN cookie when using Firefox as browser. If I try to submit a login form in Chrome or IE, it simply says:
"The CSRF token could not be verified."
Anyone who knows what I am missing?
Please give me a clue
Best
Andreas