I am using codeigniter 3 and I use database settings for cookies and CRSF is active. My site is using SSL as well. I have been having issue where sometimes my forms and AJAX work fine and sometimes I receive "The action you have requested is not allowed." errors.
I noticed that my form/AJAX submissions work fine in some browsers and not others and I finally figured out it is because of my cookie settings.
I accept cookies in Chrome and not in Firefox and my site works as designed in Chrome.
Is there a way to have my browser setting remain at "do not accept cookies" and still use Codeignier with CSRF? Below are my config settings. As I mentioned my code works just fine in browsers where I accept cookies.
I noticed that my form/AJAX submissions work fine in some browsers and not others and I finally figured out it is because of my cookie settings.
I accept cookies in Chrome and not in Firefox and my site works as designed in Chrome.
Is there a way to have my browser setting remain at "do not accept cookies" and still use Codeignier with CSRF? Below are my config settings. As I mentioned my code works just fine in browsers where I accept cookies.
Code:
$config['sess_driver'] = 'database';
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 0;
$config['sess_save_path'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE;
$config['cookie_prefix'] = '';
$config['cookie_domain'] = '.mysite.com';
$config['cookie_path'] = '/';
$config['cookie_secure'] = FALSE;
$config['cookie_httponly'] = FALSE;
$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'msmm_tn';
$config['csrf_cookie_name'] = 'msmm_cn';
$config['csrf_expire'] = 7200;
$config['csrf_regenerate'] = TRUE;
$config['csrf_exclude_uris'] = array();