Closed lynxcat closed 10 years ago
```php
// We kill this since we're done and we don't want to
// pollute the _POST array
unset($_POST[$this->_csrf_token_name]);

// Nothing should last forever
unset($_COOKIE[$this->_csrf_cookie_name]);
$this->_csrf_set_hash();
$this->csrf_set_cookie();
```
$this->_csrf_hash is not reset to empty, so after _csrf_set_hash() is called, the value generated after each comparison is still the same as the one generated before.
https://github.com/EllisLab/CodeIgniter/pull/850
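The behaviour reported above, as an added example that is not part of the original issue and not CodeIgniter's own code: a simplified model in which the set-hash routine generates a value only while the cached hash is empty. That guard is an assumption inferred from the report, and the class, property and method names are hypothetical.

```php
<?php
// Simplified model of the reported behaviour; NOT CodeIgniter's code.
// All names here are hypothetical.
class CsrfModel
{
    // Cached token, standing in for $this->_csrf_hash in the report.
    private $hash = '';

    // Assumed guard: a new value is generated only while the cache is empty.
    private function setHash()
    {
        if ($this->hash === '') {
            $this->hash = bin2hex(random_bytes(16));
        }
        return $this->hash;
    }

    // Token issued to the client for the current request.
    public function currentToken()
    {
        return $this->setHash();
    }

    // Runs after a successful token comparison.
    // $resetFirst = false reproduces the report; true clears the cache first.
    public function rotate($resetFirst)
    {
        if ($resetFirst) {
            $this->hash = '';
        }
        return $this->setHash();
    }
}

$model = new CsrfModel();
$before = $model->currentToken();
$withoutReset = $model->rotate(false);
$withReset = $model->rotate(true);

// Without the reset the cached value is handed back unchanged.
echo 'token unchanged without reset: ';
var_dump($before === $withoutReset);
// With the reset a fresh value replaces the old one.
echo 'token unchanged with reset: ';
var_dump($before === $withReset);
```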