Access denied: CSRF attack?

Well, just for fun I thought I would increase store security a bit by turning on this switch in config.local.php:

'anti_csfr' => false, // protect forms from CSFR attacks (experimental)


'anti_csfr' => true, // protect forms from CSFR attacks (experimental)

That was a couple days ago, and I don't remember if I logged back in since as the Admin (or if I ever logged out, to be honest), but this morning when I tried to log in, instead of the admin panel I got this message in an otherwise blank page:


Access denied: CSRF attack

So I wonder now:

Is anyone here using this successfully? And how?

I know it says “experimental” and all, but a more secure site is a good thing to have.

Any advice appreciated!


(BTW, I was able to log in once I turned it back to “false”)

[quote]Access denied: CSRF attack[/quote]

Thank you StoreKeeper for being the absolute 1st Beta Tester of this new feature & actually reporting back your results!

At least I now know to not trigger this experimental setting for a while longer! :D

Don’t touch if it’s not broken! :)

You should never play with beta stuff on a live store…

It's been a tweak setting for forever. You'd think the QA department would have tested it or had it removed if not…