Question

I activated CSRF protection on my project, which runs on the Yii framework. The CSRF token is created when the base domain is used, like "www.example.com", but it isn't created when a subdomain is used, like "admin.example.com".

The configuration:

'components' => array(
    'request' => array(
        'class' => 'application.components.HttpRequest',
        'enableCsrfValidation' => true,
    ),
    ...

What is the problem in my code or is it about the server?

Solution

You can configure the CSRF cookie params in the request component in your main.php configuration:

'components' => array(
    'request' => array(
        'csrfCookie' => array(
            'domain' => '.example.com',
        ),
    ),
),

Check out the other cookie options. You may also have to tweak the cookie path. This may also be helpful:

How do browser cookie domains work?

Licensed under: CC-BY-SA with attribution