From 7645a1f46831df6cd14db70b6f5dd74d2a4aa1d8 Mon Sep 17 00:00:00 2001
From: Neil Drumm
Date: Wed, 19 Jul 2006 07:25:49 +0000
Subject: #73609 by jvandyk, add a comment explaining token unsetting.
---
 includes/form.inc | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/includes/form.inc b/includes/form.inc
index 80f53726c..bf027bca3 100644
--- a/includes/form.inc
+++ b/includes/form.inc
@@ -71,6 +71,9 @@ function drupal_get_form($form_id, &$form, $callback = NULL) {
 $form['#type'] = 'form';
 if (isset($form['#token'])) {
+ // If the page cache is on and an anonymous user issues a GET request,
+ // unset the token because the token in the cached page would not match,
+ // because the token is based on the session ID.
 if (variable_get('cache', 0) && !$user->uid && $_SERVER['REQUEST_METHOD'] == 'GET') {
 unset($form['#token']);
 }
-- cgit v1.2.3
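Review bot: The new comment above the `variable_get('cache', 0)` check explains why the token is dropped but not what dropping it means for the form, which is the part a maintainer most needs to see. Once `$form['#token']` is unset, a form served to anonymous users from the page cache presumably carries no session-bound token to check on submission. I would add a closing line such as `// Forms built this way are submitted without token validation.` and replace the doubled "because" with `// unset the token: it is derived from the session ID, so the copy in the cached page would not match.` The validation path and the rest of drupal_get_form lie outside the hunk, so confirm that consequence there before stating it as fact.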