问题
I don't like how CI behaves by default when a CSRF token has expired. For instance, when a user has displayed the login form for a long time and they finally submit it, this ugly blank page with the error message comes up.
I asked for ways to get around this, and someone told me to extend the Security class, and override its csrf_show_error() method, like this:
class MY_Security extends CI_Security {
public function __construct()
{
parent::__construct();
}
public function csrf_show_error()
{
// comment out the default action
// show_error('The action you have requested is not allowed.');
// add redirect actions here
// I'd like to use some helper function here like redirect()
}
}
The problem is that I can't, or I don't know how to get access to the libraries and helpers from here, in order to perform a redirect. I can't use the get_instance() function here because I get an error. So, what else couls I do? Or is there any other better option to prevent from showing this error page?
回答1:
Core classes like CI_Security are instantiated before helpers and libraries - there is no ability to utilize these functions like you would elsewhere in a CI app.
You'll have to duplicate the functionality in the class using native PHP functions like header() which is not much of a hardship if you'd simply like to redirect to a prettier error page.
回答2:
One of a way to do is extend Security class to redirect to the same page.
CodeIgniter User Guide - Extending Core Class
Nice explanation of How to handle an expired CSRF token after a page is left open
回答3:
For those who want change the page view, you can edit the file error_general.php in /application/errors/error_general.php. CodeIgniter uses that file to show general errors, like CSRF Errors.
Regards :).
来源:https://stackoverflow.com/questions/14406922/prevent-from-displaying-the-default-csrf-error-page-in-codeigniter