diff options
| author | Phil Sturgeon <email@philsturgeon.co.uk> | 2012-01-08 04:02:46 +0100 |
|---|---|---|
| committer | Phil Sturgeon <email@philsturgeon.co.uk> | 2012-01-08 04:02:46 +0100 |
| commit | 352d60e9f3a65def29e02a4507ef742eac255333 (patch) | |
| tree | 5b312692feeb7b55fdc0a0857b01c9549c214e34 /system/core/Security.php | |
| parent | 306e83a98127ef57cc020d183a184f7fd95df96e (diff) | |
| parent | 0fc6409cae13c6be6749e1f160a144fc90713f8b (diff) | |
Merge pull request #850 from RS71/develop
CSRF optional token regeneration
Diffstat (limited to 'system/core/Security.php')
| -rwxr-xr-x | system/core/Security.php | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/system/core/Security.php b/system/core/Security.php index 272a8bf3f..f7998da60 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -180,9 +180,14 @@ class CI_Security { // polute the _POST array unset($_POST[$this->_csrf_token_name]); - // Nothing should last forever - unset($_COOKIE[$this->_csrf_cookie_name]); - $this->_csrf_hash = ''; + // Regenerate on every submission? + if (config_item('csrf_regenerate')) + { + // Nothing should last forever + unset($_COOKIE[$this->_csrf_cookie_name]); + $this->_csrf_hash = ''; + } + $this->_csrf_set_hash(); $this->csrf_set_cookie(); |