'anti_csfr' => false, // protect forms from CSFR attacks (experimental)to
'anti_csfr' => true, // protect forms from CSFR attacks (experimental)
That was a couple days ago, and I don't remember if I logged back in since as the Admin (or if I ever logged out, to be honest), but this morning when I tried to login instead of the admin panel I got this message in a otherwise blank page:
Access denied: CSRF attack
So I wander now if:
Is anyone here using this successfully? And how?
I know it says "experimental" and all, but a more secure site is a good thing to have.
Any advice appreciated!
(BTW, I was able to login once I turned it back to "false")