Fixed: CodeIgniter v3.1.13 Not Declaring CSRF Cookies

hungnguyenhp · hungnguyenhp · commit 9ef438d0ceb7 · 2023-03-23T10:48:40.000+07:00
diff --git a/system/core/Security.php b/system/core/Security.php
@@ -297,7 +297,7 @@ public function csrf_set_cookie()
 			header('Set-Cookie: ' . $this->_csrf_cookie_name . '=' . $this->_csrf_hash
 				   . '; Expires=' . gmdate('D, d-M-Y H:i:s T', $expire)
 				   . '; Max-Age=' . $this->_csrf_expire
-				   . '; Path=' . rawurlencode(config_item('cookie_path'))
+				   . '; Path='.implode('/', array_map('rawurlencode', explode('/', config_item('cookie_path'))))
 				   . ($domain === '' ? '' : '; Domain=' . $domain)
 				   . ($secure_cookie ? '; Secure' : '')
 				   . (config_item('cookie_httponly') ? '; HttpOnly' : '')
