CsrfToken
in package
Framework-level CSRF token service.
Generates and validates single-use CSRF tokens backed by the core ISession abstraction (defaulting to a real PHP session). The session key ('csrf_token') matches the CMS implementation so both stay compatible.
Table of Contents
Properties
- $_random : IRandom
- $_session : ISession
- $_tokenKey : string
Methods
- __construct() : mixed
- generate() : string
- Generate and store a new CSRF token.
- getToken() : string
- Get the current CSRF token, generating one if absent.
- regenerate() : string
- Regenerate the CSRF token.
- validate() : bool
- Validate a CSRF token. Valid tokens are consumed (single-use).
Properties
$_random
private
IRandom
$_random
$_session
private
ISession
$_session
$_tokenKey
private
string
$_tokenKey
= 'csrf_token'
Methods
__construct()
public
__construct([ISession|null $session = null ][, IRandom|null $random = null ]) : mixed
Parameters
generate()
Generate and store a new CSRF token.
public
generate() : string
Return values
stringgetToken()
Get the current CSRF token, generating one if absent.
public
getToken() : string
Return values
stringregenerate()
Regenerate the CSRF token.
public
regenerate() : string
Return values
stringvalidate()
Validate a CSRF token. Valid tokens are consumed (single-use).
public
validate(string $token) : bool
Parameters
- $token : string