SessionCsrfProvider deprecated

class SessionCsrfProvider extends DefaultCsrfProvider

^deprecated

since version 2.4, to be removed in 3.0. Use {@link \Symfony\Component\Security\Csrf\CsrfTokenManager} in combination with {@link \Symfony\Component\Security\Csrf\TokenStorage\SessionTokenStorage} instead.

This provider uses a Symfony Session object to retrieve the user's session ID.

Methods

	__construct(Session $session, string $secret) Initializes the provider with a Session object and a secret value.
string	generateCsrfToken(string $intention) Generates a CSRF token for a page of your application.	from DefaultCsrfProvider
bool	isCsrfTokenValid(string $intention, string $token) Validates a CSRF token.	from DefaultCsrfProvider

Details

__construct(Session $session, string $secret)

Initializes the provider with a Session object and a secret value.

A recommended value for the secret is a generated value with at least 32 characters and mixed letters, digits and special characters.

Parameters

Session	$session	The user session
string	$secret	A secret value included in the CSRF token

string generateCsrfToken(string $intention)

Generates a CSRF token for a page of your application.

Parameters

string

$intention

Some value that identifies the action intention (i.e. "authenticate"). Doesn't have to be a secret value.

Return Value

string

The generated token

bool isCsrfTokenValid(string $intention, string $token)

Validates a CSRF token.

Parameters

string	$intention	The intention used when generating the CSRF token
string	$token	The token supplied by the browser

Return Value

bool	Whether the token supplied by the browser is correct

Links:

http://api.symfony.com/master/Symfony/Component/Form/Extension/Csrf/CsrfProvider/SessionCsrfProvider.html

doc_Symfony

2016-10-28 06:32:16

Comments