开发者

Zend_Form csrf validation for ajax queries

Here is how I add the csrf to the form

$this->addElement('hash', 'csrf', array('ignore' => false));

When this happens the session is created, Then when the user sends an ajax request, the values in the request are validated by creating an instance of the form, and the form is always valid for the 开发者_运维百科first ajax request since the beginning of initial request which created the html output,

When the ajax request has been sent for the second time something different happens,

That instance of the form has a different csrf value than the originally made one, and when my code is done, the originally created session is destroyed as well, so there is no session to check the received the values against, and hence the form doesn't validated and the following error occurs.

No token was provided to match against

Any ideas at which event, the csrf values of the form are automatically stored in the session?


The hash value is generated at render time and invalidated after the each request.

If you want to continue using Zend_Form_Element_Hash in your AJAX form where the form may submit several times, your AJAX response should include the new hash value. Upon receiving the response, you should update the form data.


There s a solution without any to render in the view : Totaly ajax ! How to use Zend Framework Form Hash (token) with AJAX

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜