For any queries you can reach us at / WhatsApp us: +919158876092

CSRF in CodeIgniter

Cross-site request forgery (CSRF)

You can enable CSRF protection by modifying your application/config/config.php file in the following way:

$config['csrf_protection'] = TRUE;

If you use the form helper, then form_open() function will automatically insert a hidden csrf field in your forms. If not, then you can use get_csrf_token_name() and get_csrf_hash() for csrf protection.

<input type="hidden" name="<?php echo $csrf['name'];?>" value="<?php echo $csrf['hash'];?>" />

By default regeneration of tokens provides stricter security, but may result in usability concerns as other tokens become invalid (back/forward navigation, multiple tabs/windows, asynchronous actions, etc). You can alter this behavior by editing the following config parameter

$config['csrf_regenerate'] = TRUE;