How can I get the csrfpId from the current session?
Is there a way to do that? I would like to avoid adding the param to each URL inside my web-app manually ...
Thanks for your help
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The ID is not stored anywhere. The idea of mod_csrf is to add the ID at client side and NOT at server side in order to support JavaScript / dynamic DOM tree updates / Ajax calls etc (all the things which can be handled by content re-writing at the server).
If you have requests which do / shall not contain the ID, you may exclude them by setting the CSRF_IGNORE variable.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hello,
I am trying to add the csrfpId to the URLs of my web-app with a rewrite-rule in Apache 2.2
#RewriteRule ^(.*) $1?%{QUERY_STRING}&&csrfpId=bla [NC,L]
How can I get the csrfpId from the current session?
Is there a way to do that? I would like to avoid adding the param to each URL inside my web-app manually ...
Thanks for your help
The ID is not stored anywhere. The idea of mod_csrf is to add the ID at client side and NOT at server side in order to support JavaScript / dynamic DOM tree updates / Ajax calls etc (all the things which can be handled by content re-writing at the server).
If you have requests which do / shall not contain the ID, you may exclude them by setting the CSRF_IGNORE variable.
OK, I didn't understood how the module is working neither the whole csrf mecanism. But I am on a good way now, thanks for your help