From d93e6f3890fd50b9aaf1e116fa8ceb7e3f0caa05 Mon Sep 17 00:00:00 2001
From: Chris Berthe <chrisberthe@gmail.com>
Date: Sun, 25 Sep 2011 10:33:25 -0400
Subject: Fix #484 - Hash is never set to the cookie

---
 system/core/Security.php  | 3 ++-
 user_guide/changelog.html | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/system/core/Security.php b/system/core/Security.php
index 6c4c59057..84ecb06db 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -886,7 +886,8 @@ class CI_Security {
 				return $this->_csrf_hash = $_COOKIE[$this->_csrf_cookie_name];
 			}
 
-			return $this->_csrf_hash = md5(uniqid(rand(), TRUE));
+			$this->_csrf_hash = md5(uniqid(rand(), TRUE));
+			$this->csrf_set_cookie();
 		}
 
 		return $this->_csrf_hash;
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 6b4e83c2f..fc1eb46b3 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -135,6 +135,7 @@ Change Log
 	<li>Fixed a bug (#82) - WHERE clause field names in the DB <samp>update_string()</samp> method were not escaped, resulting in failed queries in some cases.</li>
 	<li>Fixed a bug (#89) - Fix a variable type mismatch in DB <samp>display_error()</samp> where an array is expected, but a string could be set instead.</li>
 	<li>Fixed a bug (#467) - Suppress warnings generated from get_magic_quotes_gpc() (deprecated in PHP 5.4)</li>
+	<li>Fixed a bug (#484) - First time _csrf_set_hash() is called, hash is never set to the cookie (in Security.php).</li>
 </ul>
 
 <h2>Version 2.0.3</h2>
-- 
cgit v1.2.3-24-g4f1b