Osclass forums

Support forums => Tips, tricks, and tutorials => Topic started by: AdrianOlmedo on July 20, 2016, 07:18:31 am

Title: How disable csrf token of osclass system?
Post by: AdrianOlmedo on July 20, 2016, 07:18:31 am

Each time the token period expires and the form is sent, show "CSRF Token invalid".
Why not automatically generates a new one?

Title: Re: How disable csrf token of osclass system?
Post by: _CONEJO on July 20, 2016, 09:43:41 am

Because the token protects you against CSRF attacks. It's based on the session time, so if the token is expired, your session should be too.
You could try putting a higher value for your session lifetime ( http://php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime ) this is on your php.ini configuration