class CsrfTokenManager implements CsrfTokenManagerInterface

Default implementation of {@link CsrfTokenManagerInterface}.

Methods

__construct(TokenGeneratorInterface $generator = null, TokenStorageInterface $storage = null, $namespace = null)

No description

getToken(string $tokenId)

Returns a CSRF token for the given ID.

refreshToken(string $tokenId)

Generates a new token value for the given ID.

string|null
removeToken(string $tokenId)

Invalidates the CSRF token with the given ID, if one exists.

bool
isTokenValid(CsrfToken $token)

Returns whether the given CSRF token is valid.

Details

at line 40
__construct(TokenGeneratorInterface $generator = null, TokenStorageInterface $storage = null, $namespace = null)

Parameters

TokenGeneratorInterface $generator
TokenStorageInterface $storage
$namespace

at line 69
CsrfToken getToken(string $tokenId)

Returns a CSRF token for the given ID.

If previously no token existed for the given ID, a new token is generated. Otherwise the existing token is returned (with the same value, not the same instance).

Parameters

string $tokenId The token ID. You may choose an arbitrary value for the ID

Return Value

CsrfToken The CSRF token

at line 86
CsrfToken refreshToken(string $tokenId)

Generates a new token value for the given ID.

This method will generate a new token for the given token ID, independent of whether a token value previously existed or not. It can be used to enforce once-only tokens in environments with high security needs.

Parameters

string $tokenId The token ID. You may choose an arbitrary value for the ID

Return Value

CsrfToken The CSRF token

at line 99
string|null removeToken(string $tokenId)

Invalidates the CSRF token with the given ID, if one exists.

Parameters

string $tokenId The token ID

Return Value

string|null Returns the removed token value if one existed, NULL otherwise

at line 107
bool isTokenValid(CsrfToken $token)

Returns whether the given CSRF token is valid.

Parameters

CsrfToken $token

Return Value

bool Returns true if the token is valid, false otherwise