auraphp/Aura.Session

CsrfToken Constructor mis-using Segment accessor method

Closed this issue · 3 comments

alc commented

Like the title says, when the CsrfToken constructor is checking for an existing csrf token value, it's written as if Segment defines a __get method, but Segment has a regular get() method instead.

As a result, every time $session->getCsrfToken() is called, the token fails to find its previous value from the session, and generates a new one...so no value can ever pass a $token->isValid() check.

Thank you @alc for reporting.

Please see the patch, which will resolve the issue.

Thanks

alc commented

Thanks guys for the quick fix. I've really enjoyed using the v2 packages so far. Cheers for all your hard work!

You are welcome 👍 and thanks for using aura. Please join Google Groups if you are not there https://groups.google.com/d/forum/auraphp .

Thank you
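
The failure reported in this issue, reproduced as an added example that is not part of the original thread and is not Aura.Session source. `DemoSegment` and `DemoCsrfToken` are hypothetical stand-ins, and the exact form of the buggy property check is an assumption based on the report's description (requires PHP 8.0+).

```php
<?php
// Simplified stand-ins written for this example; not the library's code.
final class DemoSegment
{
    private array $data = [];   // stands in for one segment of $_SESSION

    // Regular accessor methods only: no __get(), no public properties.
    public function get(string $key, $alt = null) { return $this->data[$key] ?? $alt; }
    public function set(string $key, $val): void { $this->data[$key] = $val; }
}

final class DemoCsrfToken
{
    public function __construct(private DemoSegment $segment, bool $useAccessor)
    {
        // Buggy form (assumed): property access on a class that has neither
        // __get() nor a public "value" property, so isset() is always false.
        // Fixed form: ask the segment through its get() method.
        $found = $useAccessor
            ? $segment->get('value') !== null
            : isset($segment->value);
        if (! $found) {
            $this->regenerateValue();   // overwrites whatever the form was given
        }
    }

    public function regenerateValue(): void
    {
        $this->segment->set('value', bin2hex(random_bytes(32)));
    }

    public function getValue(): string { return $this->segment->get('value'); }

    public function isValid(string $submitted): bool
    {
        return hash_equals($this->getValue(), $submitted);
    }
}

// Request 1 renders a form with the token; request 2 validates the submission.
// Both requests share one segment, as they would share one PHP session.
foreach ([false, true] as $useAccessor) {
    $segment = new DemoSegment();
    $inForm  = (new DemoCsrfToken($segment, $useAccessor))->getValue();
    $ok      = (new DemoCsrfToken($segment, $useAccessor))->isValid($inForm);
    printf("%-15s token %s\n", $useAccessor ? 'get():' : 'property check:', $ok ? 'accepted' : 'rejected');
}
```

With the property check, the second construction regenerates the stored value, so the token embedded in the form is rejected. A regression test for this class of bug should construct the token twice against the same session data and assert that the first value still validates.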