CSRF Validation

Hello everyone.

I'm trying to get CSRF working on my web application, but it only seems to work when using Firefox.

In my config, I have:

    'request' => array(
        'class' => 'CHttpRequest',
        'enableCookieValidation' => true,
        'enableCsrfValidation' => !isset($_POST['dontvalidate']) ? true : false,
        'csrfCookie' => array( 'domain' => '.' . $current_domain )
    ),

When I run my application, it only creates the YII_CSRF_TOKEN cookie when using Firefox as the browser. If I try to submit a login form in Chrome or IE, it simply says:

               "The CSRF token could not be verified."

Anyone who knows what I am missing?

Please give me a clue ;)

Best

Andreas

Localhost?

Try something other than that.

Yep, it’s localhost. Why shouldn’t it be possible to create the CSRF cookie token on localhost?

I will try something else.

IE and Chrome do not accept cookies from localhost.

Try setting up a virtual host:

http://www.jacmoe.dk…e-virtual-hosts
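
An added example (not part of the thread, and not Yii's own code) of one way to keep the config above working on localhost as well as on a real host name, assuming Chrome and IE drop the cookie because its Domain attribute comes out as `.localhost`. `csrfCookieOptions()` is a hypothetical helper and the value given to `$current_domain` is a constructed sample.

```php
<?php
// Hypothetical helper: build the 'csrfCookie' options for CHttpRequest.
// A Domain attribute is only set when the host is a multi-label DNS name;
// for single-label hosts (localhost) and IP literals it is left out, so the
// browser stores a host-only cookie instead of rejecting it.
function csrfCookieOptions($host)
{
    // Normalise and strip an optional port ("localhost:8080" -> "localhost").
    $host = strtolower(preg_replace('/:\d+$/', '', trim($host)));

    // "[::1]" -> "::1" so filter_var can recognise IPv6 literals too.
    $isIp = filter_var(trim($host, '[]'), FILTER_VALIDATE_IP) !== false;

    $options = array();
    if (!$isIp && strpos($host, '.') !== false) {
        // Same value the original config used: leading dot + domain.
        $options['domain'] = '.' . $host;
    }
    return $options;
}

// Constructed sample value; in the original config this variable is set
// elsewhere by the application.
$current_domain = 'localhost';

$components = array(
    'request' => array(
        'class' => 'CHttpRequest',
        'enableCookieValidation' => true,
        // Validation stays on unconditionally: a request parameter such as
        // $_POST['dontvalidate'] is under the sender's control, so a forged
        // cross-site form could include it and switch the check off.
        'enableCsrfValidation' => true,
        'csrfCookie' => csrfCookieOptions($current_domain),
    ),
);

// Quick check of what each kind of host produces.
foreach (array('localhost', 'localhost:8080', '127.0.0.1', 'example.com') as $h) {
    echo str_pad($h, 16), json_encode(csrfCookieOptions($h)), PHP_EOL;
}
```

Only `example.com` yields a `domain` entry (`.example.com`); the other three hosts produce an empty options array, which leaves the cookie host-only.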

Of course :)

Thank you very much for helping me!