Channel: Yii Framework Forum

Csrf Token Invalid For Long Sessions And Multiple Tabs

My application tends to live a long life in the client space and for several reasons the user might still have a web page open where one CSRF token is used, but where the CSRF token is no longer valid (session expiry after disconnect, login/logout in another tab, ...).

I already fixed the fact that the end user might open several tabs pointing to the site "at the same time" (when the closed navigator is reopened with remembered tab URLs), which implied a change in CHttpRequest (by extending the class in a YHttpRequest I created and adding some CSRF caching there).


Next thing I would like to do is to force a reload of the page when the CSRF token is no longer valid.
I can see two methods:
a) Polling the server and let the server decide if the CSRF token is still valid;
b) Compare locally with the YII_CSRF_TOKEN cookie.

In both cases the ideal would be a blocking popup with a button for the user to proceed with reloading the page.

I am checking if somebody already did this to avoid writing the code. I haven't seen an extension for this, but there could very well be one for it. I'd appreciate the sharing ;-).
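A sketch of option (b) from the post, as an added example that is not part of the original post or of Yii: the page snapshots the raw `YII_CSRF_TOKEN` cookie at load and polls for a change, then shows a blocking dialog and reloads. The function names, the 5-second interval and the dialog text are assumptions; raw cookie values are compared so nothing is assumed about how the server encodes or signs the cookie.

```javascript
// Added example (not from the post): client-side staleness check for the CSRF cookie.
const CSRF_COOKIE = 'YII_CSRF_TOKEN'; // cookie name taken from the post

// Return the raw (still encoded) value of a cookie from a document.cookie
// style string, or null when the cookie is absent or not readable by script.
function readRawCookie(cookieHeader, name) {
  for (const part of String(cookieHeader || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) return part.slice(eq + 1).trim();
  }
  return null;
}

// Compare the value captured at page load with the current cookie string.
// Returns 'fresh', 'stale' or 'unknown'.
function csrfState(snapshot, cookieHeader) {
  // No snapshot means the cookie was unreadable at load (for example it is
  // HttpOnly): a local comparison is impossible, so polling the server is needed.
  if (snapshot === null) return 'unknown';
  const current = readRawCookie(cookieHeader, CSRF_COOKIE);
  if (current === null) return 'stale'; // cookie was cleared
  return current === snapshot ? 'fresh' : 'stale';
}

// Browser wiring: poll, then block with a modal dialog and reload the page.
// doc and win are passed in so the logic can be exercised outside a browser.
function watchCsrf(doc, win, intervalMs) {
  const snapshot = readRawCookie(doc.cookie, CSRF_COOKIE);
  const timer = win.setInterval(() => {
    if (csrfState(snapshot, doc.cookie) !== 'stale') return;
    win.clearInterval(timer);
    // alert() is modal, so the page stays blocked until the user confirms.
    win.alert('Your session changed in another tab. The page will reload.');
    win.location.reload();
  }, intervalMs);
  return timer;
}

if (typeof document !== 'undefined' && typeof window !== 'undefined') {
  watchCsrf(document, window, 5000); // interval is an assumed value
}
```

This check only notices a cookie that changes or disappears in the browser; a token invalidated purely on the server (session expiry with the cookie untouched) still requires option (a).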
