Thanks for your awesome library works great with forms but not well with Ajax request and here's what i mean. An example has been sighted #15
If i had an ajax form, on submit... it validates ok and that token is expired from the session etc. But what if the user had entered the wrong information and i needed to submit again with refresh. This becomes a problem. I was able to fix this situation for myself by doing this;
function validateRequest( boolean $is_async = false ) .......... if ( ! $is_async ) { if ($this->deleteToken($sess[$index])) { unset($sess[$index]); } }
Now, if my endpoint is access only via ajax i do $csrf->validateRequest( true );
This way, it doesn't expire the token and index. But when i refresh the form manually, i first unset( $_SESSION['CSRF'] so a new hidden token and index is created.
Is this worth adding to the core, for other users?
Thanks for your awesome library works great with forms but not well with Ajax request and here's what i mean. An example has been sighted #15
If i had an ajax form, on submit... it validates ok and that token is expired from the session etc. But what if the user had entered the wrong information and i needed to submit again with refresh. This becomes a problem. I was able to fix this situation for myself by doing this;
function validateRequest( boolean $is_async = false ) .......... if ( ! $is_async ) { if ($this->deleteToken($sess[$index])) { unset($sess[$index]); } }Now, if my endpoint is access only via ajax i do $csrf->validateRequest( true );
This way, it doesn't expire the token and index. But when i refresh the form manually, i first unset( $_SESSION['CSRF'] so a new hidden token and index is created.
Is this worth adding to the core, for other users?