For a customer who needs a highly secure login I have set the cookie expire to 15 minutes, and have enabled form protection. Therefore if the user has the login form in front of them, but doesn’t fill it out until after 15 minutes they get confronted with the scary message “Form tampering protection token validation failed.”
Now I know I can modify that constant string in
but I really don’t want to go digging around and modifying the guts of CakePHP.
So I decided to think outside the box and use the translation routines to do this for me. So I set
I18n::setLocale('en'); in AppController and in
./resources/locale/en/default.po I put: -
msgid "Form tampering protection token validation failed." msgstr "This page has expired, please try refreshing the page."
and I know it works as I threw a
<?= __('Form tampering protection token validation failed.') ?> in my template to test and it translated it.
But, when the form protection kicks in it still says “Form tampering protection token validation failed.”
So does that mean I cannot “translate” this to a polite and friendly message? (as opposed the default intimidating one, and perhaps worse giving a hacker a clue as to what blocked them). Also what is concerning is that when I do translate my site for other languages those users will still see this error in English only?
Is there some other means of changing the DEFAULT_EXCEPTION_MESSAGE? (Bearing in mind it may still need to dynamically translate it.)
Have I missed something here?