Invalid method CSRF

[Didier Gasser-Morlay]

Good day all,

Every now and again, when login into an app I am developping, I get an error "Invalid method CSRF",

I believe it is due to the fact that I have a bug in my routine in charge of clearing the session table

(held in postgreSQL) of expired sessions.

Whilst fixing my bug is important, I was also wondering how I can determine that a session is not properly created. and possibly send a graceful message to the user

I checked it's classname, it still says that the variable holding the session is of type DB\SQL\Session which I believe is correct, despite the fact than the method csrf is invalid. 

Hope I was clear

thanks in advance

Didier

[ved]

Hi, 

You didn't post any code (like how you're calling the csrf method) so our help will be limited to some guesses.

Anyway, you can use the "onsuspect" callback on any of F3's session handlers in order to determine if the session is getting flagged as suspect if that's what you're asking with "determine if session is properly created"

Please post all of the relevant code for better feedback.

Cheers