Yii2 Bad request from CSRF if page is inactive

I got a bad request error if the page was idle even for short periods of time (<5 minutes), which creates a bad user experience. Is there a way to make the CSRF key work even if the page is inactive?

+3




1 answer


(I am assuming there is no other request to your server from another browser window / tab, because that might change the CSRF as well)

The current CSRF is either stored in its own cookie or in the session. So basically it will expire if it has expired.



Basically, if you used Request::enableCsrfCookie (which is the default), be sure to update the options Request::csrfCookie that will expire later (you can add for that 'expire'). The main value for this should be "session" (until the browser window is closed).

If you don't use this and the CSRF is stored in the session, you will have to activate the session TTL.

+2
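The two storage modes mentioned in the answer, written out as a Yii2 config fragment. This is an added example, not code from the original post; the helper name buildCsrfComponents() and the lifetime values are hypothetical, while the component keys are those of yii\web\Request and yii\web\Session.

```php
<?php
// Added example: fragment to merge into a Yii2 application config
// (e.g. config/web.php). buildCsrfComponents() and the lifetimes are
// hypothetical; the keys are properties of yii\web\Request / yii\web\Session.

function buildCsrfComponents(bool $tokenInCookie, int $lifetimeSeconds): array
{
    $request = [
        // Validation stays on in both modes; only the token lifetime changes.
        'enableCsrfValidation' => true,
        'enableCsrfCookie' => $tokenInCookie,
    ];
    $session = ['class' => 'yii\web\Session'];

    if ($tokenInCookie) {
        // Token lives in its own cookie (Request::csrfCookie options).
        $request['csrfCookie'] = [
            'httpOnly' => true,  // not readable from page scripts
            'secure' => true,    // assumption: the site is served over HTTPS
            // 0 = browser-session cookie (kept until the browser is closed);
            // otherwise an absolute Unix timestamp.
            'expire' => $lifetimeSeconds > 0 ? time() + $lifetimeSeconds : 0,
        ];
    } else {
        // Token lives in the session, so it is lost when the session data
        // is garbage-collected after being idle for the timeout.
        if ($lifetimeSeconds <= 0) {
            throw new InvalidArgumentException('Session timeout must be positive.');
        }
        $session['timeout'] = $lifetimeSeconds;
    }

    return ['request' => $request, 'session' => $session];
}

return [
    'components' => buildCsrfComponents(true, 0),
    // Session-backed alternative, one hour of idle time (constructed value):
    // 'components' => buildCsrfComponents(false, 3600),
];
```

Merge the returned arrays into the existing request and session components rather than replacing them, so settings such as cookieValidationKey are preserved.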








