public CsrfTokenGenerator::validate($token, $value = '') Validates a token based on $value, the user session, and the private key. Parameters string $token: The token to be validated. string $value: (optional) An additional value to base the token on. Return value bool TRUE for a valid token, FALSE for an invalid token. File core/lib/Drupal/Core/Access/CsrfTokenGenerator.php, line 84 Class CsrfTokenGenerator Generates and validates CSRF tokens. Namespace Drupal\Core\Access Code publi

public CsrfTokenGenerator::get($value = '') Generates a token based on $value, the user session, and the private key. The generated token is based on the session of the current user. Normally, anonymous users do not have a session, so the generated token will be different on every page request. To generate a token for users without a session, manually start a session prior to calling this function. Parameters string $value: (optional) An additional value to base the token on. Return value str

protected CsrfTokenGenerator::computeToken($seed, $value = '') Generates a token based on $value, the token seed, and the private key. Parameters string $seed: The per-session token seed. string $value: (optional) An additional value to base the token on. Return value string A 43-character URL-safe token for validation, based on the token seed, the hash salt provided by Settings::getHashSalt(), and the 'drupal_private_key' configuration variable. See also \Drupal\Core\Site\Settings::getHashS

The session metadata bag. Type: \Drupal\Core\Session\MetadataBag File core/lib/Drupal/Core/Access/CsrfTokenGenerator.php, line 29 Class CsrfTokenGenerator Generates and validates CSRF tokens. Namespace Drupal\Core\Access Code protected $sessionMetadata;

The private key service. Type: \Drupal\Core\PrivateKey File core/lib/Drupal/Core/Access/CsrfTokenGenerator.php, line 22 Class CsrfTokenGenerator Generates and validates CSRF tokens. Namespace Drupal\Core\Access Code protected $privateKey;

Generates and validates CSRF tokens. Hierarchy class \Drupal\Core\Access\CsrfTokenGenerator See also \Drupal\Tests\Core\Access\CsrfTokenGeneratorTest File core/lib/Drupal/Core/Access/CsrfTokenGenerator.php, line 15 Namespace Drupal\Core\Access Members Name Modifiers Type Description CsrfTokenGenerator::$privateKey protected property The private key service. CsrfTokenGenerator::$sessionMetadata protected property The session metadata bag. CsrfTokenGenerator::co

public CsrfTokenController::__construct(CsrfTokenGenerator $token_generator) Constructs a new CsrfTokenController object. Parameters \Drupal\Core\Access\CsrfTokenGenerator $token_generator: The CSRF token generator. File core/modules/system/src/Controller/CsrfTokenController.php, line 29 Class CsrfTokenController Returns responses for CSRF token routes. Namespace Drupal\system\Controller Code public function __construct(CsrfTokenGenerator $token_generator) { $this->tokenGenerator

public CsrfTokenController::csrfToken() Returns a CSRF protecting session token. Return value \Symfony\Component\HttpFoundation\Response The response object. File core/modules/system/src/Controller/CsrfTokenController.php, line 48 Class CsrfTokenController Returns responses for CSRF token routes. Namespace Drupal\system\Controller Code public function csrfToken() { return new Response($this->tokenGenerator->get(CsrfRequestHeaderAccessCheck::TOKEN_KEY), 200, ['Content-Type' =&g

public static CsrfTokenController::create(ContainerInterface $container) Instantiates a new instance of this class. This is a factory method that returns a new instance of this class. The factory should pass any needed dependencies into the constructor of this class, but not the container itself. Every call to this method must return a new instance of this class; that is, it may not implement a singleton. Parameters \Symfony\Component\DependencyInjection\ContainerInterface $container: The serv

The CSRF token generator. Type: \Drupal\Core\Access\CsrfTokenGenerator File core/modules/system/src/Controller/CsrfTokenController.php, line 21 Class CsrfTokenController Returns responses for CSRF token routes. Namespace Drupal\system\Controller Code protected $tokenGenerator;