Merge pull request #850 from RS71/develop

CSRF optional token regeneration
author: Phil Sturgeon <email@philsturgeon.co.uk> 2012-01-08 04:02:46 +0100
committer: Phil Sturgeon <email@philsturgeon.co.uk> 2012-01-08 04:02:46 +0100
commit: 352d60e9f3a65def29e02a4507ef742eac255333 (patch)
tree: 5b312692feeb7b55fdc0a0857b01c9549c214e34 /application/config/config.php
parent: 306e83a98127ef57cc020d183a184f7fd95df96e (diff)
parent: 0fc6409cae13c6be6749e1f160a144fc90713f8b (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/application/config/config.php b/application/config/config.php
index bb35324c3..17b854b29 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -326,12 +326,14 @@ $config['global_xss_filtering'] = FALSE;
 | 'csrf_token_name' = The token name
 | 'csrf_cookie_name' = The cookie name
 | 'csrf_expire' = The number in seconds the token should expire.
+| 'csrf_regenerate' = Regenerate token on every submission
 | 'csrf_exclude_uris' = Array of URIs which ignore CSRF checks
 */
 $config['csrf_protection'] = FALSE;
 $config['csrf_token_name'] = 'csrf_test_name';
 $config['csrf_cookie_name'] = 'csrf_cookie_name';
 $config['csrf_expire'] = 7200;
+$config['csrf_regenerate'] = TRUE;
 $config['csrf_exclude_uris'] = array();
 
 /*
author	Phil Sturgeon <email@philsturgeon.co.uk>	2012-01-08 04:02:46 +0100
committer	Phil Sturgeon <email@philsturgeon.co.uk>	2012-01-08 04:02:46 +0100
commit	352d60e9f3a65def29e02a4507ef742eac255333 (patch)
tree	5b312692feeb7b55fdc0a0857b01c9549c214e34 /application/config/config.php
parent	306e83a98127ef57cc020d183a184f7fd95df96e (diff)
parent	0fc6409cae13c6be6749e1f160a144fc90713f8b (diff)