CsrfTokenManager
class CsrfTokenManager implements CsrfTokenManagerInterface
Default implementation of {@link CsrfTokenManagerInterface}.
Methods
__construct(TokenGeneratorInterface $generator = null, TokenStorageInterface $storage = null, $namespace = null) | ||
CsrfToken | getToken(string $tokenId) Returns a CSRF token for the given ID. | |
CsrfToken | refreshToken(string $tokenId) Generates a new token value for the given ID. | |
string|null | removeToken(string $tokenId) Invalidates the CSRF token with the given ID, if one exists. | |
bool | isTokenValid(CsrfToken $token) Returns whether the given CSRF token is valid. |
Details
__construct(TokenGeneratorInterface $generator = null, TokenStorageInterface $storage = null, $namespace = null)
Parameters
TokenGeneratorInterface | $generator | |
TokenStorageInterface | $storage | |
$namespace |
CsrfToken getToken(string $tokenId)
Returns a CSRF token for the given ID.
If previously no token existed for the given ID, a new token is generated. Otherwise the existing token is returned (with the same value, not the same instance).
Parameters
string | $tokenId | The token ID. You may choose an arbitrary value for the ID |
Return Value
CsrfToken | The CSRF token |
CsrfToken refreshToken(string $tokenId)
Generates a new token value for the given ID.
This method will generate a new token for the given token ID, independent of whether a token value previously existed or not. It can be used to enforce once-only tokens in environments with high security needs.
Parameters
string | $tokenId | The token ID. You may choose an arbitrary value for the ID |
Return Value
CsrfToken | The CSRF token |
string|null removeToken(string $tokenId)
Invalidates the CSRF token with the given ID, if one exists.
Parameters
string | $tokenId | The token ID |
Return Value
string|null | Returns the removed token value if one existed, NULL otherwise |
bool isTokenValid(CsrfToken $token)
Returns whether the given CSRF token is valid.
Parameters
CsrfToken | $token |
Return Value
bool | Returns true if the token is valid, false otherwise |
© 2004–2017 Fabien Potencier
Licensed under the MIT License.
http://api.symfony.com/3.3/Symfony/Component/Security/Csrf/CsrfTokenManager.html