How does "Context::..." work and problems with the security token.

0 views
Skip to first unread message

LanceW

unread,
Dec 18, 2009, 8:03:55 AM12/18/09
to NoseRub
Hi all,
I have been experiencing an issue on martialconversations.com where I
am unable to create new discussions in grops as I am always directed
to http://martialconversations.com/pages/security_check/ when I try
and submit the new topic.

Daniel pointed me at the controller for ensureSecurityToken() and I
have taken a browse through that and my understanding of how things
work is limiting any fault0finding I can do. :-(

Is someone able to describe whats happening in that function, and why.
Specifically, could you also talk about the inner workings of
isCorrectSecurityToken($security_token) and even more specifically the
Context::loggedInIdentityId(); bit.

Lance

Daniel Hofstetter

unread,
Dec 21, 2009, 11:56:42 AM12/21/09
to NoseRub
Hi Lance,

> I have been experiencing an issue on martialconversations.com where I
> am unable to create new discussions in grops as I am always directed

> tohttp://martialconversations.com/pages/security_check/when I try


> and submit the new topic.
>
> Daniel pointed me at the controller for ensureSecurityToken() and I
> have taken a browse through that and my understanding of how things
> work is limiting any fault0finding I can do. :-(
>
> Is someone able to describe whats happening in that function, and why.

It extracts the security key from the request.

> Specifically, could you also talk about the inner workings of
> isCorrectSecurityToken($security_token)

It retrieves the security token for the logged in user, and then
compares it with the security token provided as parameter.

> and even more specifically the
> Context::loggedInIdentityId(); bit.

It simply returns the id of the logged in user.

Maybe Dirk can tell you more about it, as he is the author of this
functionality.

Regards,
daniel

Reply all
Reply to author
Forward
0 new messages