weixin_33730836 2017-11-07 13:22 Acceptance rate: 0%
Views: 47

CodeIgniter and CSRF

When a user is logged in, he can perform a search with a small form. This is an AJAX request to a controller. I can perform this action multiple times. However, when I try to reload the page, the user is logged out and needs to be logged in again.

This is my JS:

var CFG = {
        url: '<?php echo $this->config->item('base_url'); ?>',
        token: '<?php echo $this->security->get_csrf_hash(); ?>'
};


$(function() 
{

    $('#personen_search_result').hide();
    $('#search_alert').hide();

    // Send the current CSRF token as a POST field with every jQuery AJAX request
    $.ajaxSetup(
    {
        data: 
        {
            token:CFG.token
        }
    });

    // After each successful reply, adopt the token the controller sent back
    // (needed when csrf_regenerate is TRUE; harmless when it is FALSE)
    $(document).ajaxSuccess(function(e,x)
    {
        var result = $.parseJSON(x.responseText);
        $('input:hidden[name="token"]').val(result.token);
        $.ajaxSetup(
        {
            data: 
            {
                token: result.token
            }
        });
    });


    $( "#submit_personen" ).click(function(event) 
    {


        event.preventDefault();

        var namelast        = $('#namelast').val();
        var dateofbirth     = $('#dateofbirth').val();
        var rijksregisternr = $('#rijksregisternr').val();
        var email           = $('#email').val();
        var hosid           = <?php echo $this->session->hosid; ?>;


        $.ajaxSetup(
        {
            data:
            {
                nameLast: namelast,
                dateofBirth: dateofbirth,
                rijksregisterNr: rijksregisternr,
                email: email, 
                hosid: hosid
            }
        });

        $('#table_personen').html("");
        $('#search_alert').html("").hide();

        $.post(CFG.url + 'persoon/js_retrieve', function(data)
        {

            if(data['status']   == 200)
            {
                var personenrows        = data['html'];
                $('#table_personen').append (personenrows);

                if (!$('#personen_search_result').is(':visible'))
                    $('#personen_search_result').slideToggle();
            }
            else if (data['status'] == 400)
            {
                var message         = data['html'];
                $('#search_alert').append(message);

                if (!$('#search_alert').is(':visible'))
                    $('#search_alert').slideToggle();
            }
        }, 'json');


    });
});

And this is my controller:

public function js_retrieve()
{

    // Data preparations

    // Query Builder
    // (the query that fills $result was left out of the question;
    //  $result is the CI_DB_result object it returns)

    if ($result->num_rows() == 0)
    {

        // No result: error message
        $data['html']       = '<span class="alert">Geen personen gevonden.</span>';
        $data['status']     = 400;
    }
    else
    {

        // Good result, show list in table
        // table header
        $html               = '<thead class="thead-light"><tr><th>Naam</th><th>Voornaam</th><th>Geboortedatum</th><th>Rijksregister</th><th>status</th></tr></thead><tbody>';

        // create rows; database values are escaped with CI's html_escape()
        // before they are placed in the HTML that the page inserts verbatim
        foreach ($result->result_array() as $row)
        {
            $html           .=
                '<tr>' .
                '<td><a href="' . base_url('persoon/detail/' . $row['id']) . '">' . html_escape($row['NameLast']) . ', ' . html_escape($row['NameFirst']) . '</a></td>' .
                '<td>' . html_escape($row['DateofBirth']) . '</td>' .
                '<td>' . html_escape($row['RijksRegisterNumber']) . '</td>' .
                '<td>' . html_escape($row['Status']) . '</td></tr>';
        }

        // close body
        $data['html']       = $html . '</tbody>';

        // status
        $data['status']     = 200;
    }

    // Set CSRF token hash & headers
    $data['oldtoken']       = $this->input->post('token');
    $data['token']          = $this->security->get_csrf_hash();

    if (!headers_sent())
    {
        header('Cache-Control: no-cache, must-revalidate');
        header('Expires: ' . date('r'));
        header('Content-type: application/json');
    }

    // return result
    exit( json_encode($data , JSON_FORCE_OBJECT) );
}

Anyone that can give me some guidance?

PS: These are my configs:

$config['csrf_token_name'] = 'token';
$config['csrf_cookie_name'] = 'csrf_cookie_name';
$config['csrf_expire'] = 7200;
$config['csrf_regenerate'] = FALSE;
$config['csrf_exclude_uris'] = array();
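The token round trip the question's JS and controller are trying to implement, written out as an added example (not the asker's code and not CodeIgniter's): a small CSRF-aware POST client that sends the current token with every request, adopts the rotated token from each JSON reply, and serialises requests so a second call never goes out carrying a token the previous reply is about to invalidate. The server side is a constructed stand-in that rotates the token on every accepted request (what csrf_regenerate = TRUE does). `makeFakeServer`, `makeCsrfClient`, `fetchTransport` and `demo` are assumed names, the `tok-N` values are constructed for the offline run, and the route is the one from the question.

```javascript
// Added example, not the asker's or CodeIgniter's code. A CSRF-aware POST
// client plus a constructed server stand-in, so the token round trip can be
// exercised offline (Node, no jQuery).

// Constructed stand-in for the server side: one valid token per session,
// rotated after every accepted POST (CodeIgniter's csrf_regenerate = TRUE).
// A real server draws tokens from a CSPRNG; sequential "tok-N" values keep
// this stand-in deterministic.
function makeFakeServer(initialToken) {
  let current = initialToken;
  let issued = 0;
  return {
    // Mirrors the question's controller: replies {status, html, token}.
    // A failed CSRF check is refused with 403 and no new token.
    handle(body) {
      if (!body || body.token !== current) {
        return { status: 403, body: { status: 403, html: 'CSRF check failed' } };
      }
      current = 'tok-' + (++issued);
      const html = '<tr><td>' + String(body.nameLast) + '</td></tr>';
      return { status: 200, body: { status: 200, html: html, token: current } };
    },
    token() { return current; },
  };
}

// CSRF-aware client. transport(url, body) returns a Promise of {status, body}
// so the same client runs against fetch() in a browser or the stand-in above.
function makeCsrfClient(initialToken, transport) {
  let token = initialToken;
  // Requests are chained: a second POST is only sent once the previous reply
  // has delivered its (possibly rotated) token. Two overlapping requests with
  // the same token would otherwise make the second one fail the CSRF check.
  let queue = Promise.resolve();

  function post(url, fields) {
    const result = queue.then(() =>
      transport(url, Object.assign({}, fields, { token: token })).then((res) => {
        if (res.body && typeof res.body.token === 'string') {
          token = res.body.token; // adopt the rotated token for the next request
        }
        return res;
      }));
    queue = result.catch(() => {}); // keep the chain alive after a failure
    return result;
  }
  return { post: post, token: () => token };
}

// Browser transport (assumed shape, not exercised offline): same-origin
// cookies carry the session and CSRF cookie, the token travels as a form field.
function fetchTransport(url, body) {
  return fetch(url, {
    method: 'POST',
    credentials: 'same-origin',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams(body).toString(),
  }).then((r) => r.json().then((json) => ({ status: r.status, body: json })));
}

// Round trip against the stand-in: two searches in sequence, a replay of a
// token that has since been rotated, and two overlapping searches.
async function demo() {
  const server = makeFakeServer('tok-0');
  const transport = (url, body) => Promise.resolve(server.handle(body));
  const client = makeCsrfClient('tok-0', transport);
  const url = '/persoon/js_retrieve'; // route taken from the question

  const first = await client.post(url, { nameLast: 'Janssens' });
  const second = await client.post(url, { nameLast: 'Peeters' });
  // Re-sending the token that came back with `first` must now be refused.
  const stale = server.handle({ token: first.body.token, nameLast: 'Replay' });
  // Overlapping requests still succeed because the client serialises them.
  const overlapping = await Promise.all([
    client.post(url, { nameLast: 'Claes' }),
    client.post(url, { nameLast: 'Maes' }),
  ]);

  return {
    firstStatus: first.status,
    secondStatus: second.status,
    staleStatus: stale.status,
    overlappingStatuses: overlapping.map((r) => r.status),
    tokensRotated: first.body.token !== second.body.token,
    clientInSync: client.token() === server.token(),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  demo().then((r) => console.log(r));
}
```

In the browser, `makeCsrfClient(CFG.token, fetchTransport)` takes the place of the `$.ajaxSetup` / `ajaxSuccess` pair above. With the asker's `csrf_regenerate = FALSE` the token never changes, so the rotation path is simply never taken, but the client still sends the token the server expects and the serialisation costs nothing.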

1 answer

  • weixin_33716941 2017-12-06 02:48

    This is not so much of an answer as it is a troubleshooting test too long for a comment. Try this:

    $this->output->set_header('Cache-Control: no-store, no-cache, must-revalidate');
    $this->output->set_content_type('application/json');
    $this->output->set_output(json_encode($data, JSON_FORCE_OBJECT));
    $this->output->_display();
    exit;
    
