Channel: CodeIgniter Forums - All Forums

Static CSRF

Hello there!

I was having some issues with AJAX, going forward/back in history, and the CSRF token.

So someone said to me, "Well, maybe you set csrf_regenerate to FALSE; you don't always need a new token."

My question here is: is this secure? It won't allow someone to send a JavaScript to my client with a loop doing something like this:

http://www.mywebsite.com/admin/states/delete/?id=1
http://www.mywebsite.com/admin/states/delete/?id=2
http://www.mywebsite.com/admin/states/delete/?id=3
http://www.mywebsite.com/admin/states/delete/?id=4

Another thing: my website won't log you out until you ask for it, so my $config['csrf_expire'] is 77760000.

Can anyone help me with this one?
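
An added example, not part of the original post and not CodeIgniter's own code: a CodeIgniter 3 controller (the version is an assumption; the `States` class, the `state_model` model and its `delete()` method are hypothetical) that accepts the delete only as a POST. CodeIgniter 3's CSRF filter validates the token on POST requests only, so GET URLs like the ones listed above are not token-checked at all, whatever `csrf_regenerate` is set to.

```php
<?php
// application/config/config.php (CodeIgniter 3 keys; values from the post)
// $config['csrf_protection'] = TRUE;
// $config['csrf_regenerate'] = FALSE;    // one token for the cookie lifetime
// $config['csrf_expire']     = 77760000; // seconds, as in the post

defined('BASEPATH') OR exit('No direct script access allowed');

// application/controllers/admin/States.php (hypothetical controller)
class States extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->model('state_model'); // hypothetical model
    }

    // State-changing action: refuse anything but POST, so the framework's
    // CSRF filter has already validated the token before this code runs.
    public function delete()
    {
        if ($this->input->method() !== 'post') {
            show_error('Method Not Allowed', 405);
        }

        // Read the id from the POST body only, never from the query string.
        $id = filter_var($this->input->post('id'), FILTER_VALIDATE_INT);
        if ($id === FALSE || $id < 1) {
            show_error('Invalid id', 400);
        }

        $this->state_model->delete($id); // hypothetical model method

        // Return the current token so AJAX callers can reuse it.
        $this->output
            ->set_content_type('application/json')
            ->set_output(json_encode(array(
                'deleted' => $id,
                $this->security->get_csrf_token_name() => $this->security->get_csrf_hash(),
            )));
    }
}
```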
