#3621 - CSRF post token expiry, AJAX checks for expiry
| Identifier | #3621 |
|---|---|
| Issue type | Feature request or suggestion |
| Title | CSRF post token expiry, AJAX checks for expiry |
| Status | Closed (rejected) |
| Tags | Type: Security (custom) |
| Handling member | Chris Graham |
| Addon | core |
| Description | Before submitting a form, check that the post token is not expired. If it has expired, tell the user that they appear to be making a submission that is not authorised under their account and, if this is due to the form being opened a while back, that they can choose to re-authorise it. This will put in the session ID to the post token (valid in our token system), and continue the submission. |
| Steps to reproduce | |
| Funded? | No |

Comments