Ajax CSRF 403 Forbidden Codifier

Question

Ajax CSRF 403 Forbidden Codifier

Hello, I am calling the controller to get the section using AJAX in my encoder based application that has CSRF Enable

my ajax code

$('#classes').change(function(){ $classes=$(this).val(); $.ajax({ type:"POST", data:{ '<?php echo $this->security->get_csrf_token_name(); ?>' : '<?php echo $this->security->get_csrf_hash(); ?>', 'class':$classes }, url:"<?php echo base_url();?>index.php/admin/getsection/"+$classes, success:function(return_data) { //alert(return_data); $('#section').html(''); $('#section').html(return_data); $('#section').val(section); } });

When I first call the ajax function, it will work fine. but when I run the same function again, it will return a 403 forbidden error.

Please advise what I do

+5

jquery ajax php codeigniter csrf

Cool perfectionist Sep 09 '15 at 11:29

source share

1 answer

Quentin · Accepted Answer · 2015-09-09T11:47:35+0000

From the docs :

Tokens can either be regenerated at each presentation (by default), or stored the same way throughout the CSRF cookie. Default token regeneration provides more stringent security, but can lead to usability problems as other tokens become invalid (reverse / advanced navigation, multiple tabs / windows, asynchronous actions , etc.). You can change this behavior by editing the following configuration parameter
 $config['csrf_regenerate'] = TRUE; 

Set to FALSE.

Ajax CSRF 403 Forbidden Codifier

More articles: