Merge remote-tracking branch 'upstream/develop' into develop-db-oci8

author: Andrey Andreev <narf@bofh.bg> 2012-01-08 04:23:07 +0100
committer: Andrey Andreev <narf@bofh.bg> 2012-01-08 04:23:07 +0100
commit: 3c7c461a93145b045ba688585a5b606e28b7d7cb (patch)
tree: 349412385e03bab484bbbcf306a2b1d3d59988a7 /system/core/Security.php
parent: 92849d9cc553693a3eda5efb6a648187f6ce6064 (diff)
parent: 352d60e9f3a65def29e02a4507ef742eac255333 (diff)
1 files changed, 8 insertions, 3 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index 272a8bf3f..f7998da60 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -180,9 +180,14 @@ class CI_Security {
 		// polute the _POST array
 		unset($_POST[$this->_csrf_token_name]);
 
-		// Nothing should last forever
-		unset($_COOKIE[$this->_csrf_cookie_name]);
-		$this->_csrf_hash = '';
+		// Regenerate on every submission?
+		if (config_item('csrf_regenerate'))
+		{
+			// Nothing should last forever
+			unset($_COOKIE[$this->_csrf_cookie_name]);
+			$this->_csrf_hash = '';
+		}
+		
 		$this->_csrf_set_hash();
 		$this->csrf_set_cookie();
author	Andrey Andreev <narf@bofh.bg>	2012-01-08 04:23:07 +0100
committer	Andrey Andreev <narf@bofh.bg>	2012-01-08 04:23:07 +0100
commit	3c7c461a93145b045ba688585a5b606e28b7d7cb (patch)
tree	349412385e03bab484bbbcf306a2b1d3d59988a7 /system/core/Security.php
parent	92849d9cc553693a3eda5efb6a648187f6ce6064 (diff)
parent	352d60e9f3a65def29e02a4507ef742eac255333 (diff)