authorRonald Beilsma <beilsma@gmail.com>2012-01-10 15:45:31 +0100
committerRonald Beilsma <beilsma@gmail.com>2012-01-10 15:45:31 +0100
commit25dcb93d05bd098e89188ea0691adf72228bd131 (patch)
tree37d3d769f2e64bebb48a98378c7aee3ab4c17efe /system/core/Security.php
parentdb66eb38cfc4a2ab6c8816b8f7663211232d4f4e (diff)
parente9a5a862a1252548b463aa738e50e8d9bfd01379 (diff)
Merge branch 'develop' of git://github.com/EllisLab/CodeIgniter into develop
Diffstat (limited to 'system/core/Security.php')
-rwxr-xr-xsystem/core/Security.php13
1 files changed, 9 insertions, 4 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index 60a64f358..f7998da60 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -18,7 +18,7 @@
*
* @package CodeIgniter
* @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/)
+ * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/)
* @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
* @link http://codeigniter.com
* @since Version 1.0
@@ -180,9 +180,14 @@ class CI_Security {
// polute the _POST array
unset($_POST[$this->_csrf_token_name]);
- // Nothing should last forever
- unset($_COOKIE[$this->_csrf_cookie_name]);
- $this->_csrf_hash = '';
+ // Regenerate on every submission?
+ if (config_item('csrf_regenerate'))
+ {
+ // Nothing should last forever
+ unset($_COOKIE[$this->_csrf_cookie_name]);
+ $this->_csrf_hash = '';
+ }
+
$this->_csrf_set_hash();
$this->csrf_set_cookie();
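Review bot: The new `if (config_item('csrf_regenerate'))` guard makes per-submission token rotation opt-in, and nothing in this hunk sets a safe default for installs whose config.php predates the key. If `config_item()` returns a falsy value for a missing item (its definition is not visible here, so worth confirming), those installs silently stop clearing `_csrf_hash` after a verified POST, and the same token presumably stays valid for the cookie's lifetime. I would ship `$config['csrf_regenerate'] = TRUE;` in the default config and state the trade-off at the check, for example `// Skipped unless $config['csrf_regenerate'] is TRUE; a reused token stays valid until the CSRF cookie expires`. The enclosing method starts and ends outside the hunk, so how `_csrf_set_hash()` treats an existing cookie value should be checked there.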