I am building a site with codeigniter and CSRF is set to true and is working perfectly. I have overidden CSRF to switch it off on one form just to cater for the particular details of that complicated example. However, the login form (with public access) has CSRF enabled and I do not want to override the CSRF for that form for obvious reasons.
The problem is that when I try to access the login form without the www in the domain (and this is not 'normal' or wanted but people do type in URL's without the www so I thought I should cover it), the form appears like normal, but the CSRF kicks in and denies access when the form is submitted.
I am not using any .htaccess files for the public pages, want to keep using the CSRF, but do not want users have problems if they happen to type in the url without the www.
Does anyone have any suggestions about what I can do about this?
Thank you in advance,
Paul
Whatever site you're making, it's generally a very bad SEO practice to allow both site.com and www.site.com to exist as they are treated as two different sites and that carries certain duplicated content penalties, etc.
I'd suggest sticking to one (either with no www or with www) and optimizing your CSRF according to that. It's fairly simple to use, you only need to put permanent redirection rule in your .htaccess, see this for example.