Arabic
Chinese
Dutch
English
French
German
Indonesian
Italian
Japanese
Korean
Malay
Portuguese
Russian
SpanishCSRF Protection
The CSRF (Cross-Site Request Forgery), Luminova Framework provides functionality to protect against CSRF attacks, a type of malicious exploit where unauthorized commands are transmitted even from a user that the web application trusts. This class helps ensure the integrity and authenticity of requests sent to your application.
The CSRF class generates unique tokens for each user session and verifies these tokens when processing form submissions or other sensitive requests. By including these tokens in forms or requests, the CSRF class can distinguish between legitimate requests initiated by the user and potentially harmful requests sent by attackers.
Features
- Automatically generates unique CSRF tokens for each user session.
- Verifies the authenticity of CSRF tokens submitted with form submissions or requests.
- Allows for the regeneration of CSRF tokens to prevent token reuse and enhance security.
- Allows to customize the storage location either session storage or cookie.
- Class namespace:
\Luminova\Security\Csrf
Methods
getToken
Retrieves a previously generated CSRF token or generates a new token if none was found, then stores it.
public static getToken(): stringReturn Value:
string - The CSRF token.
refresh
Generates a new CSRF token and stores it.
public static refresh(): stringUse this method when you need to regenerate a token after validation.
Return Value:
string - The generated CSRF token.
delete
Delete stored CSRF token.
public static delete(): voidinputToken
Generates and displays an HTML hidden input field for the CSRF token.
public static inputToken(): voidmetaToken
Generates and displays an HTML meta tag for the CSRF token.
public static metaToken(): voidvalidate
Validates a submitted CSRF token.
public static validate(string $token): boolParameters:
| Parameter | Type | Description |
|---|---|---|
$token | string | The token submitted by the user. |
Return Value:
bool - True if the submitted token is valid, false otherwise.
hasToken
Check if a token has already been generated.
public static hasToken(): boolReturn Value:
bool - Returns true if a token has already been created, otherwise false.