
Final Class Yiisoft\Csrf\Synchronizer\SynchronizerCsrfToken

Inheritance: Yiisoft\Csrf\Synchronizer\SynchronizerCsrfToken
Implements: Yiisoft\Csrf\CsrfTokenInterface

Stateful CSRF token that is a unique random string. It is stored in persistent storage available only to the currently logged-in user (typically the user's server-side session). The same token is added to forms. When a form is submitted, the token that came with the form is compared against the stored token; the request is accepted only if they match.

The algorithm is also known as "Synchronizer Token".

Do not forget to decorate the token with {@see \Yiisoft\Csrf\MaskedCsrfToken}. The decorator XORs the token with a fresh random mask each time it is emitted, so the same secret never appears as the same byte sequence in two compressed responses; this mitigates the BREACH attack, which recovers a static secret from the sizes of compressed HTTPS responses.
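The flow described above, as an added example that is not part of yiisoft/csrf: the interfaces, class and mask helpers below are hypothetical stand-ins that mirror the methods the page's code calls (generate(), get(), set(), getValue(), validate()) and the idea behind MaskedCsrfToken, written so the script runs stand-alone without the library.

```php
<?php
declare(strict_types=1);

// Added example, not library code. Interfaces are assumptions modelled on the
// calls made by SynchronizerCsrfToken on the page.
interface TokenGenerator { public function generate(): string; }
interface TokenStorage
{
    public function get(): ?string;
    public function set(string $token): void;
}

// Token from a CSPRNG, hex-encoded so it is safe inside an HTML attribute.
final class RandomGenerator implements TokenGenerator
{
    public function __construct(private int $bytes = 32) {}
    public function generate(): string { return bin2hex(random_bytes($this->bytes)); }
}

// Per-user storage. In a real application this is the logged-in user's
// server-side session; an array stands in for it here so the script runs offline.
final class ArrayStorage implements TokenStorage
{
    private ?string $token = null;
    public function get(): ?string { return $this->token; }
    public function set(string $token): void { $this->token = $token; }
}

final class SynchronizerToken
{
    public function __construct(private TokenGenerator $generator, private TokenStorage $storage) {}

    // Lazily create the per-user token on first use, then keep returning the same one.
    public function getValue(): string
    {
        $token = $this->storage->get();
        if ($token === null || $token === '') {
            $token = $this->generator->generate();
            $this->storage->set($token);
        }
        return $token;
    }

    // Constant-time comparison: a plain === would leak how many leading bytes matched.
    public function validate(string $token): bool
    {
        return hash_equals($this->getValue(), $token);
    }
}

// BREACH mitigation in the style of MaskedCsrfToken (assumed layout: mask || mask XOR token,
// base64-encoded). A fresh mask per emission means the response body never repeats
// the secret's bytes, so compression-side-channel guessing gains nothing.
function maskToken(string $token): string
{
    $mask = random_bytes(strlen($token));
    return base64_encode($mask . ($mask ^ $token));
}

function unmaskToken(string $masked): ?string
{
    $raw = base64_decode($masked, true);
    if ($raw === false || $raw === '' || strlen($raw) % 2 !== 0) {
        return null; // malformed input from the client, treat as no token
    }
    $half = intdiv(strlen($raw), 2);
    return substr($raw, 0, $half) ^ substr($raw, $half);
}

// --- Demo with constructed requests ---
$csrf = new SynchronizerToken(new RandomGenerator(), new ArrayStorage());

// Render two forms: same underlying token, different bytes on the wire.
$hiddenField1 = maskToken($csrf->getValue());
$hiddenField2 = maskToken($csrf->getValue());
assert($hiddenField1 !== $hiddenField2);

// Honest submission of either form validates.
assert($csrf->validate(unmaskToken($hiddenField1) ?? ''));
assert($csrf->validate(unmaskToken($hiddenField2) ?? ''));

// Forged submissions fail: a guessed value, a corrupted mask blob, and a missing field.
assert(!$csrf->validate('0000'));
assert(!$csrf->validate(unmaskToken('!!not-base64!!') ?? ''));
assert(!$csrf->validate(unmaskToken('') ?? ''));

echo "synchronizer token demo OK\n";
```

Note that validate() goes through getValue(), so a user with no stored token yet (for example a session that expired between rendering the form and submitting it) gets a fresh token generated on the spot and the submitted value fails the comparison; the failure is a clean false rather than an exception, which is the behaviour the page's code has as well.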

Method Details


__construct() public method

public mixed __construct ( Yiisoft\Csrf\Synchronizer\Generator\CsrfTokenGeneratorInterface $generator, Yiisoft\Csrf\Synchronizer\Storage\CsrfTokenStorageInterface $storage )
$generator Yiisoft\Csrf\Synchronizer\Generator\CsrfTokenGeneratorInterface
$storage Yiisoft\Csrf\Synchronizer\Storage\CsrfTokenStorageInterface

public function __construct(
    CsrfTokenGeneratorInterface $generator,
    CsrfTokenStorageInterface $storage
) {
    $this->generator = $generator;
    $this->storage = $storage;
}

getValue() public method

public string getValue ( )

public function getValue(): string
{
    // Reuse the token already stored for this user; create one only on first use.
    $token = $this->storage->get();
    if (empty($token)) {
        $token = $this->generator->generate();
        $this->storage->set($token);
    }
    return $token;
}

validate() public method

public boolean validate ( string $token )
$token string

public function validate(string $token): bool
{
    // hash_equals() compares in constant time, so the check does not leak
    // how much of the submitted token matched.
    return hash_equals($this->getValue(), $token);
}