yii2 CSRF not working properly

Question

I copied create form code from view source when user use to logged in and then I created html file from copied code then I logged out and then logged in again. when i submited html file then system accept it witout any csrf checking. not sure where issue is. csrf is enabled also _csrf code also avaiable in view source too

<input type="hidden" name="_csrf" value="ttPy-NP-8FUCQxKczEWgkl66JQfb3JfJHwUOSsi9wjTxkp_LgKqxFFYBQu2iL8T2LIxpQ7Xuzo0ucEYfjPSUBg==">

@VipinMohan its post base and its also sending _csrf as hidden field — Anil Kumar, Feb 25 '18 at 12:18

score 0 · Answer 1 · answered Feb 25 '18 at 13:04

0

It resolved reason being it happend becuase csrf validation via cookie so it not clear cookie properly when user logged out. so easy solution for this is do changes in main.php

'request' => [
        'enableCsrfCookie' => false,
    ],

answered Feb 25 '18 at 13:04

Anil Kumar

701
11
28

yii2 CSRF not working properly

1 Answers1