1. class
  2. Symfony
  3. Component
  4. Form
  5. Extension
  6. Csrf
  7. CsrfProvider
  8. DefaultCsrfProvider

DefaultCsrfProvider deprecated

class DefaultCsrfProvider implements CsrfProviderInterface

deprecated since version 2.4, to be removed in 3.0. Use {@link \Symfony\Component\Security\Csrf\CsrfTokenManager} in combination with {@link \Symfony\Component\Security\Csrf\TokenStorage\NativeSessionTokenStorage} instead.

Default implementation of CsrfProviderInterface.

This provider uses the session ID returned by session_id() as well as a user-defined secret value to secure the CSRF token.

Methods

__construct(string $secret)

Initializes the provider with a secret value.

string
generateCsrfToken(string $intention)

Generates a CSRF token for a page of your application.

bool
isCsrfTokenValid(string $intention, string $token)

Validates a CSRF token.

Details

at line line 46
__construct(string $secret)

Initializes the provider with a secret value.

A recommended value for the secret is a generated value with at least 32 characters and mixed letters, digits and special characters.

Parameters

string $secret A secret value included in the CSRF token

at line line 54
string generateCsrfToken(string $intention)

Generates a CSRF token for a page of your application.

Parameters

string $intention Some value that identifies the action intention (i.e. "authenticate"). Doesn't have to be a secret value.

Return Value

string The generated token

at line line 62
bool isCsrfTokenValid(string $intention, string $token)

Validates a CSRF token.

Parameters

string $intention The intention used when generating the CSRF token
string $token The token supplied by the browser

Return Value

bool Whether the token supplied by the browser is correct