ajoo Posted March 6, 2018 (edited)

Hi all!

I am using this tutorial and I am modifying it to include CSRF protection. The index.php uses getToken(); to generate an anti-CSRF token, which is then inserted in the form as a hidden input field as below:

```php
<tr>
  <td>
    <select id="country_dropdown">
      <option value="-1">Select country</option>
      <?php while ($stmt->fetch()) { ?>
        <option value="<?php echo $country_id ?>"><?php echo $country_name ?></option>
      <?php } ?>
    </select>
    <?php
    // token added as hidden field
    echo '<input type = "hidden" name = "token" value = "'.$_SESSION['token'].'" />';
    ?>
  </td>
</tr>
<tr>
  <td>
    <select id="state_dropdown">
      <?php echo $_SESSION['token']; // debug ?>
      <option value="-1">Select state</option>
    </select>
    <?php
    // The token does not change even when it is changed in loaddata.php. The changed value
    // does not get reflected here. So adding the below code is useless, so commented out.
    // echo '<input type = "hidden" name = "token" value = "'.$_SESSION['token'].'" />';
    ?>
    <span id="state_loader"></span>
  </td>
</tr>
```

This scheme works if the same token is to be used for all drop-downs. If I destroy and change the token in loaddata.php, the AJAX response file, where the data is sent to and received from for proceeding to the next drop-down, the change in the token value is not reflected in index.php since, I guess, that file is not refreshed to load the new token value.

So how can I make this work? Please help.

Thanks!

Edited March 6, 2018 by ajoo

requinix Posted March 6, 2018

Only set/change the token when the page is loaded.

Or modify your AJAX so that it returns the new token, however that tutorial you're following isn't good enough for you to do this approach. You'd have to make a number of changes.

ajoo (Author) Posted March 7, 2018

Hi requinix!

Thanks for the reply. I think maybe I was not able to explain the problem clearly enough. As it happens, I needed to make only a few changes in the code in loaddata.php and jQuery to get it working.

Thank you.
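
The second approach suggested in the thread, where the AJAX endpoint validates the submitted token, rotates it, and returns the replacement, shown as an added example that is not code from the thread or the tutorial. The function names, the `country_id` field, the JSON keys and the placeholder data are assumptions; only `$_SESSION['token']`, the `token` field and loaddata.php come from the posts.

```php
<?php
declare(strict_types=1);
// loaddata.php: check the CSRF token sent with the AJAX request, rotate it,
// and return the new value in the JSON response.
// rotate_csrf_token() and fetch_states() are hypothetical helper names.
session_start();

function rotate_csrf_token($submitted): ?string
{
    $expected = $_SESSION['token'] ?? '';
    // Constant-time comparison; a missing, empty or non-string token never matches.
    if ($expected === '' || !is_string($submitted) || !hash_equals($expected, $submitted)) {
        return null;
    }
    // Single use: replace the session token before doing any other work.
    $_SESSION['token'] = bin2hex(random_bytes(32));
    return $_SESSION['token'];
}

function fetch_states(int $countryId): array
{
    // Constructed placeholder data standing in for the tutorial's database query.
    $states = [1 => ['Constructed State A', 'Constructed State B']];
    return $states[$countryId] ?? [];
}

header('Content-Type: application/json');

$newToken = rotate_csrf_token($_POST['token'] ?? null);
if ($newToken === null) {
    http_response_code(403);
    echo json_encode(['error' => 'invalid token']);
    exit;
}

echo json_encode([
    'token'  => $newToken, // the page must send this value with its next request
    'states' => fetch_states((int) ($_POST['country_id'] ?? 0)),
]);
```

The page's AJAX success handler has to write the returned `token` into the hidden field before the next drop-down request, because index.php is not re-rendered. Rotating on every request also means a second tab or two overlapping requests will fail validation, which is the trade-off against only setting the token when the page is loaded.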