The CSRF token is added to the form as a hidden input only when the form_open()function is used.

只有在使用该form_open()函数时，CSRF 令牌才会作为隐藏输入添加到表单中。

A cookie with the CSRF token's value is created by the Security class, and regenerated if necessary for each request.

带有 CSRF 令牌值的 cookie 由 Security 类创建，并在必要时为每个请求重新生成。

If $_POSTdata exists, the cookie is automatically validated by the Input class. If the posted token does not match the cookie's value, CI will show an error and fail to process the $_POSTdata.

如果$_POST数据存在，则输入类会自动验证 cookie。如果发布的令牌与 cookie 的值不匹配，CI 将显示错误并且无法处理$_POST数据。

So basically, it's all automatic - all you have to do is enable it in your $config['csrf_protection']and use the form_open()function for your form.

所以基本上，这都是自动的——你所要做的就是在你的表单中启用它$config['csrf_protection']并使用form_open()你的表单的功能。

A good article I found that explains it very well: https://beheist.com/blog/csrf-protection-in-codeigniter-2-0-a-closer-look.html

我发现一篇很好的文章解释了它：https: //beheist.com/blog/csrf-protection-in-codeigniter-2-0-a-closer-look.html

Refer this Link -- Used CSRF Tokens using form helper or Manually

请参阅此链接 --使用表单助手或手动使用 CSRF 令牌

The article explains how to work around with CSRF Tokens in

这篇文章解释了如何在

• form open with form helper form_open()function
• in ajax forms
• ajax/jquery serialization forms

• 使用表单助手form_open()功能打开表单
• 以 ajax 形式
• ajax/jquery 序列化表单

This article also explains about how to "Disable CSRF for cetain URL's(Which are used as webservice urls)"

本文还解释了如何“禁用 cetain URL 的 CSRF（用作 web 服务 url）”

When csrf protection enabled security class checks this token automatically (it compares POST token with COOKIE token)

当启用 csrf 保护的安全类自动检查此令牌时（它将 POST 令牌与 COOKIE 令牌进行比较）