class DefaultCsrfProvider implements CsrfProviderInterface

deprecated since version 2.4, to be removed in 3.0. Use {@link \Symfony\Component\Security\Csrf\CsrfTokenManager} in combination with {@link \Symfony\Component\Security\Csrf\TokenStorage\NativeSessionTokenStorage} instead.

Default implementation of CsrfProviderInterface.

This provider uses the session ID returned by session_id() as well as a user-defined secret value to secure the CSRF token.

Methods

__construct(string $secret)

Initializes the provider with a secret value.

string
generateCsrfToken(string $intention)

Generates a CSRF token for a page of your application.

bool
isCsrfTokenValid(string $intention, string $token)

Validates a CSRF token.

Details

at line line 46
__construct(string $secret)

Initializes the provider with a secret value.

A recommended value for the secret is a generated value with at least 32 characters and mixed letters, digits and special characters.

Parameters

string $secret A secret value included in the CSRF token

at line line 54
string generateCsrfToken(string $intention)

Generates a CSRF token for a page of your application.

Parameters

string $intention Some value that identifies the action intention (i.e. "authenticate"). Doesn't have to be a secret value.

Return Value

string The generated token

at line line 62
bool isCsrfTokenValid(string $intention, string $token)

Validates a CSRF token.

Parameters

string $intention The intention used when generating the CSRF token
string $token The token supplied by the browser

Return Value

bool Whether the token supplied by the browser is correct