Bug: The lifetime of the CSRF check cookie cannot be set to 0 (Session). #3655

lf-uraku-yuki · 2020-09-18T06:06:11Z

Describe the bug
The lifetime of the CSRF check cookie cannot be set to 0 (Session).
Probably because the current time and the set value are added.

\Config\App.php

public $CSRFExpire = 0;
public $CSRFRegenerate = false;

CodeIgniter 4 version
4.0.4

Affected module(s)
CodeIgniter\Security\Security::CSRFSetCookie

Expected behavior, and steps to reproduce if appropriate
If 0 is specified, it will not be added to time () .

Context

OS: Windows 10Pro 2004 64bit
Web server: php spark serve
PHP version: 7.4.10 Thread Safe 64bit

The text was updated successfully, but these errors were encountered:

If CSRFExpire specifies 0, set 0 as it is. fix: codeigniter4#3655

lf-uraku-yuki added the bug Verified issues on the current code behavior or pull requests that will fix them label Sep 18, 2020

lf-uraku-yuki added a commit to lf-uraku-yuki/CodeIgniter4 that referenced this issue Sep 18, 2020

If CSRFExpire specifies 0, set 0 as it is

0187041

If CSRFExpire specifies 0, set 0 as it is. fix: codeigniter4#3655

lf-uraku-yuki mentioned this issue Sep 18, 2020

If CSRFExpire specifies 0, set 0 as it is #3656

Merged

5 tasks

michalsn closed this as completed in #3656 Sep 19, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bug: The lifetime of the CSRF check cookie cannot be set to 0 (Session). #3655

Bug: The lifetime of the CSRF check cookie cannot be set to 0 (Session). #3655

lf-uraku-yuki commented Sep 18, 2020

Bug: The lifetime of the CSRF check cookie cannot be set to 0 (Session). #3655

Bug: The lifetime of the CSRF check cookie cannot be set to 0 (Session). #3655

Comments

lf-uraku-yuki commented Sep 18, 2020