SessionCsrfProvider deprecated

class SessionCsrfProvider extends DefaultCsrfProvider

deprecated

since version 2.4, to be removed in 3.0. Use {@link \Symfony\Component\Security\Csrf\CsrfTokenManager} in combination with {@link \Symfony\Component\Security\Csrf\TokenStorage\SessionTokenStorage} instead.

This provider uses a Symfony Session object to retrieve the user's session ID.

Methods

__construct(Session $session, string $secret)

Initializes the provider with a Session object and a secret value.
string generateCsrfToken(string $intention)

Generates a CSRF token for a page of your application.

 from DefaultCsrfProvider
bool isCsrfTokenValid(string $intention, string $token)

Validates a CSRF token.

 from DefaultCsrfProvider

Details

__construct(Session $session, string $secret)

Initializes the provider with a Session object and a secret value.

A recommended value for the secret is a generated value with at least 32 characters and mixed letters, digits and special characters.

Parameters

Session $session The user session
string $secret A secret value included in the CSRF token

string generateCsrfToken(string $intention)

Generates a CSRF token for a page of your application.

Parameters

string $intention Some value that identifies the action intention (i.e. "authenticate"). Doesn't have to be a secret value.

Return Value

string The generated token

bool isCsrfTokenValid(string $intention, string $token)

Validates a CSRF token.

Parameters

string $intention The intention used when generating the CSRF token
string $token The token supplied by the browser

Return Value

bool Whether the token supplied by the browser is correct

© 2004–2017 Fabien Potencier
Licensed under the MIT License.
http://api.symfony.com/4.0/Symfony/Component/Form/Extension/Csrf/CsrfProvider/SessionCsrfProvider.html