A cross-site request forgery (CSRF) is where an attacker poses as a user that the website recognizes (such as a logged-in user) and is then able to access that user's profile as though they were the genuine user. There is a wealth of technical information available (websites, books, and so on) on how that happens, so we're not going to look into that here. Instead, we're going to look at how CodeIgniter mitigates cross-site request forgeries.
We're going to amend one file and create two files by performing the following steps:
First, we need to amend some configuration items. To do that, we'll need to open the following file:
/path/to/codeigniter/application/config/config.php
Find the following configuration options and make the amendments as listed in the table: