The following function is used to get the form key in templates with type hidden. My customerController.php does not validate the form key with the method _validateFormKey()
. When I echo the following function in controller, Its value differ from the value that is posted in form.
echo Mage::getSingleton('core/session')->getFormKey();
My question is
- How can I validate this form key?
- Why form key in template is different from the form key in Controller?
In my template file
<input type="hidden" name="form_key" value="<?php echo Mage::getSingleton('core/session')->getFormKey(); ?>" />
but in my controller,
echo $this->getRequest()->getParam('form_key'); // IZwYiobh1jmXLdBG
echo Mage::getSingleton('core/session')->getFormKey(); // DzMQebo8poku9ZKa
Best Answer
Pass form_key:
For Validate form key ,you need to send the form key with URL or as a hidden input.
If you send as URL parameter then the parameter name should be form_key/[keyValue].
If send as hidden field then you need to send as
Validated form Key
For validated form key at controller you need to add below code: