merged branch frosas/start-session-on-generate-csrf-token (PR #4781)
Commits
-------
6d94f3e
Ensure there is a session before getting the session id
Discussion
----------
[Form] Ensure there is a session before getting the session id
Solves "The CSRF token is invalid. Please try to resubmit the form" error when a form is generated before the session is started.
---------------------------------------------------------------------------
by fabpot at 2012-07-09T10:23:32Z
Adding a CSRF token only makes sense if you are on a page with a "user". If not (and if you don't use HTTP auth or whatever), then there is no need for a CSRF token.
---------------------------------------------------------------------------
by frosas at 2012-07-09T14:42:40Z
This PR doesn't change any logic on whether a CSRF token is added or not, it just fixes a bug when a token is requested.
This commit is contained in:
commit
8680571df0
@ -50,6 +50,8 @@ class SessionCsrfProvider extends DefaultCsrfProvider
|
|||||||
*/
|
*/
|
||||||
protected function getSessionId()
|
protected function getSessionId()
|
||||||
{
|
{
|
||||||
|
$this->session->start();
|
||||||
|
|
||||||
return $this->session->getId();
|
return $this->session->getId();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Reference in New Issue
Block a user