DefaultCsrfProvider deprecated

class DefaultCsrfProvider implements CsrfProviderInterface

^deprecated

since version 2.4, to be removed in 3.0. Use {@link \Symfony\Component\Security\Csrf\CsrfTokenManager} in combination with {@link \Symfony\Component\Security\Csrf\TokenStorage\NativeSessionTokenStorage} instead.

Default implementation of CsrfProviderInterface.

This provider uses the session ID returned by session_id() as well as a user-defined secret value to secure the CSRF token.

Methods

	__construct(string $secret) Initializes the provider with a secret value.
string	generateCsrfToken(string $intention) Generates a CSRF token for a page of your application.
bool	isCsrfTokenValid(string $intention, string $token) Validates a CSRF token.

Details

__construct(string $secret)

Initializes the provider with a secret value.

A recommended value for the secret is a generated value with at least 32 characters and mixed letters, digits and special characters.

Parameters

string

$secret

A secret value included in the CSRF token

string generateCsrfToken(string $intention)

Generates a CSRF token for a page of your application.

Parameters

string

$intention

Some value that identifies the action intention (i.e. "authenticate"). Doesn't have to be a secret value.

Return Value

string

The generated token

bool isCsrfTokenValid(string $intention, string $token)

Validates a CSRF token.

Parameters

string	$intention	The intention used when generating the CSRF token
string	$token	The token supplied by the browser

Return Value

bool	Whether the token supplied by the browser is correct

Links:

http://api.symfony.com/master/Symfony/Component/Form/Extension/Csrf/CsrfProvider/DefaultCsrfProvider.html

doc_Symfony

2016-10-28 06:13:36

Comments