[Storekeeper]

Well, just for fun I thought I would increase store security a bit by turning on this switch in config.local.php:

'anti_csfr' => false, // protect forms from CSFR attacks (experimental)

to

'anti_csfr' => true, // protect forms from CSFR attacks (experimental)

That was a couple days ago, and I don't remember if I logged back in since as the Admin (or if I ever logged out, to be honest), but this morning when I tried to login instead of the admin panel I got this message in a otherwise blank page:

Access denied: CSRF attack

So I wander now if:

Is anyone here using this successfully? And how?

I know it says "experimental" and all, but a more secure site is a good thing to have.

Any advice appreciated!

(BTW, I was able to login once I turned it back to "false")

[Struck]

Access denied: CSRF attack

Thank you StoreKeeper for being the absolute 1st Beta Tester of this new feature & actually reporting back your results!

At least I now know to not trigger this experimental setting for awhile longer!

[Darius]

Don't touch if its not broken!

You should never play with beta stuff on live store...

[tbirnseth]

It's been a tweak setting for forever. You'd think the QA department would have tested it or had it removed if not...