class DefaultCsrfProvider implements CsrfProviderInterface
deprecated
since version 2.4, to be removed in 3.0. Use {@link \Symfony\Component\Security\Csrf\CsrfTokenManager} in combination with {@link \Symfony\Component\Security\Csrf\TokenStorage\NativeSessionTokenStorage} instead.
Default implementation of CsrfProviderInterface.
This provider uses the session ID returned by session_id() as well as a user-defined secret value to secure the CSRF token.
Methods
__construct(string $secret) Initializes the provider with a secret value. | ||
string | generateCsrfToken(string $intention) Generates a CSRF token for a page of your application. | |
bool | isCsrfTokenValid(string $intention, string $token) Validates a CSRF token. |
Details
__construct(string $secret)
Initializes the provider with a secret value.
A recommended value for the secret is a generated value with at least 32 characters and mixed letters, digits and special characters.
string generateCsrfToken(string $intention)
Generates a CSRF token for a page of your application.
bool isCsrfTokenValid(string $intention, string $token)
Validates a CSRF token.
Please login to continue.