XF 1.1 Style redirect without confirmation

x7iBiT

Member
I have some like this in a subdomain for redirect to a mobile style:
PHP:
<?php
header("Location: http://mydomain.com/misc/style?style_id=2");
?>
Is there any way to skip the confirmation?
Please confirm that you would like to change to the following style:



I see a _xfToken in the URL when I confirm:
style?style_id=2&_xfToken=10073%2C1337130528%2C85abed1d474727a497a0f2a8031da541f92496b9
Has this token an expiration date?
I can use it in the php code of above?


PD: Sorry, my english sucks :confused:
 

x7iBiT

Member
The token changes. This is to prevent exploits that would change the user's style without their consent.
Yes, I noticed that the token changes every time. Hence my question: has token expiration date? Can I use it indefinitely in time?
 
Top