summaryrefslogtreecommitdiffstats
path: root/system/core/Security.php
diff options
context:
space:
mode:
authorPhil Sturgeon <email@philsturgeon.co.uk>2012-01-08 04:02:46 +0100
committerPhil Sturgeon <email@philsturgeon.co.uk>2012-01-08 04:02:46 +0100
commit352d60e9f3a65def29e02a4507ef742eac255333 (patch)
tree5b312692feeb7b55fdc0a0857b01c9549c214e34 /system/core/Security.php
parent306e83a98127ef57cc020d183a184f7fd95df96e (diff)
parent0fc6409cae13c6be6749e1f160a144fc90713f8b (diff)
Merge pull request #850 from RS71/develop
CSRF optional token regeneration
Diffstat (limited to 'system/core/Security.php')
-rwxr-xr-xsystem/core/Security.php11
1 files changed, 8 insertions, 3 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index 272a8bf3f..f7998da60 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -180,9 +180,14 @@ class CI_Security {
// polute the _POST array
unset($_POST[$this->_csrf_token_name]);
- // Nothing should last forever
- unset($_COOKIE[$this->_csrf_cookie_name]);
- $this->_csrf_hash = '';
+ // Regenerate on every submission?
+ if (config_item('csrf_regenerate'))
+ {
+ // Nothing should last forever
+ unset($_COOKIE[$this->_csrf_cookie_name]);
+ $this->_csrf_hash = '';
+ }
+
$this->_csrf_set_hash();
$this->csrf_set_cookie();