1. class
  2. Symfony
  3. Component
  4. Form
  5. Extension
  6. Csrf
  7. CsrfProvider
  8. SessionCsrfProvider

SessionCsrfProvider deprecated

class SessionCsrfProvider extends DefaultCsrfProvider

deprecated since version 2.4, to be removed in 3.0. Use {@link \Symfony\Component\Security\Csrf\CsrfTokenManager} in combination with {@link \Symfony\Component\Security\Csrf\TokenStorage\SessionTokenStorage} instead.

This provider uses a Symfony Session object to retrieve the user's session ID.

Methods

__construct(Session $session, string $secret)

Initializes the provider with a Session object and a secret value.

string
generateCsrfToken(string $intention)

Generates a CSRF token for a page of your application.

from DefaultCsrfProvider
bool
isCsrfTokenValid(string $intention, string $token)

Validates a CSRF token.

from DefaultCsrfProvider

Details

at line line 49
__construct(Session $session, string $secret)

Initializes the provider with a Session object and a secret value.

A recommended value for the secret is a generated value with at least 32 characters and mixed letters, digits and special characters.

Parameters

Session $session The user session
string $secret A secret value included in the CSRF token

in DefaultCsrfProvider at line line 54
string generateCsrfToken(string $intention)

Generates a CSRF token for a page of your application.

Parameters

string $intention Some value that identifies the action intention (i.e. "authenticate"). Doesn't have to be a secret value.

Return Value

string The generated token

in DefaultCsrfProvider at line line 62
bool isCsrfTokenValid(string $intention, string $token)

Validates a CSRF token.

Parameters

string $intention The intention used when generating the CSRF token
string $token The token supplied by the browser

Return Value

bool Whether the token supplied by the browser is correct