symfony1 icon indicating copy to clipboard operation
symfony1 copied to clipboard

Published 20 hours ago verified publisher icon FriendsOfSymfony1

CSRF not refreshed

Open michilehr opened this issue 9 years ago • 3 comments

Hi everybody,

at first I want to thank everybody behind this project! Awesome work.

I have a question:

A user clicks on a form, enters his data and sends the form after the session has expired. Maybe he was on the phone, closed his laptop or whatever. When he comes back, he posts the form which results in a csrf validation error. Now the csrf token will still be the old one on the form with the error. In Symfony2, the user will have the new token so he can post the form with the data already entered.

What's your opinion on this behaviour?

Cheers Michi

michilehr avatar Oct 07 '16 07:10 michilehr

Well, if you got time to backport the behavior from Symfony2 you can open a PR. Or maybe you should upgrade your project to Symfony 2 :)

j0k3r avatar Oct 07 '16 08:10 j0k3r

@j0k3r Thanks for your reply. This was not a feature request. I just wanted to get feedback on the behaviour :)

michilehr avatar Oct 07 '16 08:10 michilehr

Hello @michilehr,

Thank you to take time to share this issue.

As a security related issue we need to be very careful about it.

Can you share us the reference on Symfony4 about this behaviour?

alquerci avatar Nov 10 '18 17:11 alquerci