Preventing cross-site request forgery

A cross-site request forgery is an attack in which an attacker pretends to be a user that the website recognizes (such as a logged-in user) and is then able to access that user's profile as though they were the genuine user. A wealth of technical information on how that happens is available on websites, in books, and so on, so we're not going to look into it here. Instead, we're going to look at how CodeIgniter mitigates cross-site request forgeries.

How to do it...

We're going to amend one file and create two files by performing the following steps:

  1. First, we need to amend some configuration items. To do that, we'll need to open the following file: /path/to/codeigniter/application/config/config.php ...
