merged branch frosas/start-session-on-generate-csrf-token (PR #4781)
Commits
-------
6d94f3e
Ensure there is a session before getting the session id
Discussion
----------
[Form] Ensure there is a session before getting the session id
Solves "The CSRF token is invalid. Please try to resubmit the form" error when a form is generated before the session is started.
---------------------------------------------------------------------------
by fabpot at 2012-07-09T10:23:32Z
Adding a CSRF token only makes sense if you are on a page with a "user". If not (and if you don't use HTTP auth or whatever), then there is no need for a CSRF token.
---------------------------------------------------------------------------
by frosas at 2012-07-09T14:42:40Z
This PR doesn't change any logic on whether a CSRF token is added or not, it just fixes a bug when a token is requested.
This commit is contained in:
commit
8680571df0
@ -50,6 +50,8 @@ class SessionCsrfProvider extends DefaultCsrfProvider
|
||||
*/
|
||||
protected function getSessionId()
|
||||
{
|
||||
$this->session->start();
|
||||
|
||||
return $this->session->getId();
|
||||
}
|
||||
}
|
||||
|
Reference in New Issue
Block a user