Closed ghost closed 12 years ago
The issue here is that by default (as documented) the token is assigned to the form when the form is generated, which means it will be no longer valid as soon as an other form with that same token is submitted.
You can fix this by assigning the token when you submit the form, so the form will always contain the current token.
See http://docs.fuelphp.com/classes/security.html#/method_js_set_token
The CSRF token gets reset every time
Security::check_token
is called. This causes problems when the user has multiple pages open or multiple AJAX calls are made from the same page with the same token.