From 9805ecce97dbd3f60891c19f27111f75851bd666 Mon Sep 17 00:00:00 2001
From: Eric Barnes <eric@ericlbarnes.com>
Date: Sun, 16 Jan 2011 23:35:16 -0500
Subject: Added access scope to security library and added config options for
 csrf protection

---
 application/config/config.php | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'application/config/config.php')

diff --git a/application/config/config.php b/application/config/config.php
index 5c6cc0aec..e22199685 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -286,9 +286,15 @@ $config['global_xss_filtering'] = FALSE;
 | Enables a CSRF cookie token to be set. When set to TRUE, token will be
 | checked on a submitted form. If you are accepting user data, it is strongly
 | recommended CSRF protection be enabled.
+|
+| 'csrf_token_name' = The token name
+| 'csrf_cookie_name' = The cookie name
+| 'csrf_expire' = The number in seconds the token should expire.
 */
-$config['csrf_protection'] = FALSE;
-
+$config['csrf_protection'] = TRUE;
+$config['csrf_token_name'] = 'csrf_test_name';
+$config['csrf_cookie_name'] = 'csrf_cookie_name';
+$config['csrf_expire'] = 7200;
 
 /*
 |--------------------------------------------------------------------------
-- 
cgit v1.2.3-24-g4f1b