php - CSRF token in Yii timing out? -


my csrf token seems timing out. there way prevent this?

i have single page app frontend written in angularjs. part, csrf token's validate fine , can confirm send token in through every request. however, see errors server saying "the csrf token not verified". not understand internals of how csrf token verified, there reason why happening?

our application international, because of our server infrastructure there slowdown in geographical areas. i've noticed (just ad-hoc) if, example, user uploading file , request takes longer usual, chances of csrf token being invalid higher.

would love hear ideas this! in advance!

i think yii validing csrf against cookie, try extending chttprequest base class , validate against session. leads varying session time out against csrf validity.

class httprequest extends chttprequest {     public function getcsrftoken()         {             if ($this->_csrftoken === null) {                 $session = yii::app()->session;                 $csrftoken = $session->itemat($this->csrftokenname);                 if ($csrftoken === null) {                     $csrftoken = sha1(uniqid(mt_rand(), true));                     $session->add($this->csrftokenname, $csrftoken);                 }                 $this->_csrftoken = $csrftoken;             }              return $this->_csrftoken;         }          public function validatecsrftoken($event)         {             if ($this->getispostrequest()) {                 // validate post requests                 $session = yii::app()->session;                  $headers = common::getallheaders();                  if ($session->contains($this->csrftokenname) && (isset($_post[$this->csrftokenname]) || isset($headers['x-csrf-token']))) {                     $tokenfromsession = $session->itemat($this->csrftokenname);                     $tokenfrompost = isset($_post[$this->csrftokenname]) ? $_post[$this->csrftokenname] : $headers['x-csrf-token'];                     $valid = $tokenfromsession === $tokenfrompost;                 } else {                     $valid = false;                 }                 if (!$valid) {                     header("location: " . yii::app()->createabsoluteurl(yii::app()->request->url));                 }             }         } }

and use in config file:

'request' => array(             'enablecsrfvalidation' => true,             'class' => 'httprequest',              'csrfcookie' => array(                 'httponly' => true,                 'secure' => true             ),

note: donot copy , paste content. modify per need. start. hope understand problem.


Comments

Post a Comment

Popular posts from this blog

cakephp - simple blog with croogo -

i not problem, made simple blog in croogo, problem is not adding or modifying or delete, because arabic language ?? function add in controller `public function admin_add() { $this->set('title_for_layout', __('add part')); if (!empty($this->request->data)) { $this->part->create(); if ($this->part->save($this->request->data)) { $this->session->setflash(__('the part has been saved'), 'default', array('class' => 'success')); $this->redirect(array('action' => 'index'));//, $this->part->id)); } else { $this->session->setflash(__('the part not saved. please, try again.'), 'default', array('class' => 'error')); } } }` => model `class part extends appmodel { public $name = 'part'; var $belongst...
Read more

How to group boxplot outliers in gnuplot -

i have large set of data points. try plot them boxplot, of outliers exact same value , represented on line beside each other. found how set horizontal distance between outliers in gnuplot boxplot , doesn't much, apparently not possible. is possible group outliers together, print 1 point , print number in brackets beside indicate how many points there are? think make more readable in graph. for information, have 3 boxplots 1 x value , times 6 in 1 graph. using gnuplot 5 , played around pointsize, doesn't reduce distance anymore. hope can help! edit: set terminal pdf set output 'dat.pdf' file0 = 'dat1.dat' file1 = 'dat2.dat' file2 = 'dat3.dat' set pointsize 0.2 set notitle set xlabel 'x' set ylabel 'y' header = system('head -1 '.file0); n = words(header) set xtics ('' 1) set [i=1:n] xtics add (word(header, i) i) set style data boxplot plot file0 using (1-0.25):1:(0.2) boxplot lw 2 lc rgb '#8b0000...
Read more

bash - Performing variable substitution in a string -

i have string contains use of variable, , i'd substitute variable's value string. right best have is #!/bin/bash foo='$name; echo bar' name="the name" expanded="$(eval echo "$foo")" echo "$expanded" which has obvious defects: prints the name bar while i'd print the name; echo bar instead of eval can bash's regex matching bash's string replacement: foo='$name; echo bar' name="the name" [[ "$foo" =~ \$([[:alnum:]]+) ]] && s="${!bash_rematch[1]}" && expanded="${foo/\$${bash_rematch[1]}/$s}" echo "$expanded" name; echo bar
Read more