- Member | 31
thread, when using as stand-alone Nette forms I can't use CSRF protection
when another (non-nette) part of code has already started the session before the
form is rendered. (there's a fatal exception:
Unable to set 'session.use_only_cookies' to value '1...)
However in ` Nette\Http\Session` there is a private static property
$started that is always set to false, so then nette starts the
session. Could there be a config option to allow session
to be set to true, or ‘smart’ where it can test for a current session? and
could that config option not rely on the main config.neon as this is not part of
the standalone forms.
that way forms could play nicely with other code and frameworks and spread the nette awesomeness!
thanks of considering it.