I am using CI 2. I have enabled CSRF protection in the config file:
$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'sitename';
$config['csrf_cookie_name'] = 'sitename';
$config['csrf_expire'] = 7200;
I am using CodeIgniter forms only. Sometimes I get the error “you are not authorized to perform this action” while submitting forms or logging in.
If I refresh and try again then everything works fine. Why is this happening?
You can make a JS confirm box triggering upon the cookie expiring time, asking the user to extend his session. I think that's the most elegant solution you can get if you want to keep using the CSRF.
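The expiry prompt suggested in this answer, sketched as an added example that is not part of the original thread or of CodeIgniter. It assumes the token lifetime starts when the page is rendered and that reloading the page returns a form with a valid token; `WARN_BEFORE_SECONDS`, `csrfTokenState` and `installCsrfExpiryGuard` are hypothetical names.

```javascript
// Added example: client-side expiry guard for a CSRF-protected form.
// Assumption: the token's lifetime starts when the page is rendered.
const CSRF_EXPIRE_SECONDS = 7200; // $config['csrf_expire'] from the question
const WARN_BEFORE_SECONDS = 300;  // hypothetical: prompt 5 minutes before expiry

// Classify the token as 'valid', 'warn' or 'expired' at nowMs and report
// how many milliseconds remain until the next state change.
function csrfTokenState(issuedAtMs, nowMs, expireSec = CSRF_EXPIRE_SECONDS,
                        warnSec = WARN_BEFORE_SECONDS) {
  const expiresAtMs = issuedAtMs + expireSec * 1000;
  const warnAtMs = expiresAtMs - Math.min(warnSec, expireSec) * 1000;
  if (nowMs >= expiresAtMs) return { state: 'expired', msUntilNext: 0 };
  if (nowMs >= warnAtMs) return { state: 'warn', msUntilNext: expiresAtMs - nowMs };
  return { state: 'valid', msUntilNext: warnAtMs - nowMs };
}

// Browser wiring: prompt before expiry and block submits made after it.
// `win` is the window object, passed in so the logic can be exercised offline.
function installCsrfExpiryGuard(win, issuedAtMs = Date.now()) {
  const reload = () => win.location.reload();
  const schedule = () => {
    const { state, msUntilNext } = csrfTokenState(issuedAtMs, Date.now());
    if (state === 'valid') { win.setTimeout(schedule, msUntilNext); return; }
    if (state === 'warn') {
      if (win.confirm('This form is about to expire. Reload it now?')) reload();
      else win.setTimeout(schedule, msUntilNext);
    }
    // 'expired': nothing to schedule; the submit listener below handles it.
  };
  schedule();
  // Capture phase, so the check runs before any per-form submit handlers.
  win.document.addEventListener('submit', (ev) => {
    if (csrfTokenState(issuedAtMs, Date.now()).state === 'expired') {
      ev.preventDefault(); // a stale token would be rejected by the server
      win.alert('This form has expired and will be reloaded.');
      reload();
    }
  }, true);
}

// Only install automatically when running in a browser.
if (typeof window !== 'undefined') installCsrfExpiryGuard(window);
```

A reload discards anything already typed into the form, so the prompt is better shown early than at the moment of expiry.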
Well, this happens because your CSRF token expires; it's the proper process. Increase the CSRF token expiry time from 7200 seconds to something more relevant to your needs (7200 / 60 / 60 = 2 hours).
Read up a bit more on what CSRF does for you here:
http://en.wikipedia.org/wiki/Cross-site_request_forgery