The CSRF (Cross-Site Request Forgery) class of the Luminova Framework provides functionality to protect against CSRF attacks, a type of malicious exploit in which unauthorized commands are transmitted from a user that the web application trusts. This class helps ensure the integrity and authenticity of requests sent to your application.

The CSRF class generates unique tokens for each user session and verifies these tokens when processing form submissions or other sensitive requests. By including these tokens in forms or requests, the CSRF class can distinguish between legitimate requests initiated by the user and potentially harmful requests sent by attackers.


  1. Automatically generates unique CSRF tokens for each user session.
  2. Verifies the authenticity of CSRF tokens submitted with form submissions or requests.
  3. Allows for the regeneration of CSRF tokens to prevent token reuse and enhance security.
  4. Allows customizing the storage location: either session storage or a cookie.

  • Class namespace: \Luminova\Security\Csrf



Retrieves a previously generated CSRF token or generates a new token if none was found, then stores it.

public static getToken(): string

Return Value:

string - The CSRF token.


Generates a new CSRF token and stores it.

public static refresh(): string

Use this method when you need to regenerate a token after validation.

Return Value:

string - The generated CSRF token.


Deletes the stored CSRF token.

public static delete(): void


Generates and displays an HTML hidden input field for the CSRF token.

public static inputToken(): void


Generates and displays an HTML meta tag for the CSRF token.

public static metaToken(): void


Validates a submitted CSRF token.

public static validate(string $token): bool


$token (string) - The token submitted by the user.

Return Value:

bool - True if the submitted token is valid, false otherwise.


Check if a token has already been generated.

public static hasToken(): bool

Return Value:

bool - Returns true if a token has already been created, otherwise false.
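
The following added example (not code from the Luminova project) shows the generate, validate and regenerate cycle using only the methods documented above. It assumes the framework autoloader is loaded and the token storage is initialised; the field name example_csrf, the /transfer route and the two helper functions are hypothetical names chosen for this example.

```php
<?php
// Added example, not Luminova's own code. Assumes the framework autoloader is
// loaded and the CSRF storage (session or cookie) is already initialised.
use Luminova\Security\Csrf;

// Field name chosen for this example; the form is built by hand with getToken()
// so nothing is assumed about the markup that inputToken() emits.
const FORM_FIELD = 'example_csrf';

function renderTransferForm(): string
{
    // Escape on output even though the token should be an opaque string.
    $token = htmlspecialchars(Csrf::getToken(), ENT_QUOTES, 'UTF-8');

    return '<form method="post" action="/transfer">'
        . '<input type="hidden" name="' . FORM_FIELD . '" value="' . $token . '">'
        . '<input type="number" name="amount" min="1">'
        . '<button type="submit">Send</button>'
        . '</form>';
}

function handleTransfer(array $post): int
{
    $submitted = $post[FORM_FIELD] ?? null;

    // Reject missing or non-string values (example_csrf[]=x arrives as an
    // array) before they reach validate(string $token), and refuse requests
    // for which no token was ever issued.
    if (!is_string($submitted) || $submitted === '' || !Csrf::hasToken()) {
        return 403;
    }

    if (!Csrf::validate($submitted)) {
        return 403;
    }

    // Rotate after a successful check so the same token cannot be replayed.
    Csrf::refresh();

    // ... perform the state-changing action here ...
    return 200;
}

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    http_response_code(handleTransfer($_POST));
} else {
    echo renderTransferForm();
}
```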