Elgg\ActionsService::handleTokenRefreshRequest PHP Method

handleTokenRefreshRequest() public method

Send an updated CSRF token, provided the page's current tokens were not fake.
public handleTokenRefreshRequest ( ) : Elgg\Http\ResponseBuilder
return Elgg\Http\ResponseBuilder
    public function handleTokenRefreshRequest()
    {
        if (!elgg_is_xhr()) {
            return false;
        }
        // the page's session_token might have expired (not matching __elgg_session in the session), but
        // we still allow it to be given to validate the tokens in the page.
        $session_token = get_input('session_token', null, false);
        $pairs = (array) get_input('pairs', array(), false);
        $valid_tokens = (object) array();
        foreach ($pairs as $pair) {
            list($ts, $token) = explode(',', $pair, 2);
            if ($this->validateTokenOwnership($token, $ts, $session_token)) {
                $valid_tokens->{$token} = true;
            }
        }
        $ts = $this->getCurrentTime()->getTimestamp();
        $token = $this->generateActionToken($ts);
        $data = array('token' => array('__elgg_ts' => $ts, '__elgg_token' => $token, 'logged_in' => $this->session->isLoggedIn()), 'valid_tokens' => $valid_tokens, 'session_token' => $this->session->get('__elgg_session'), 'user_guid' => $this->session->getLoggedInUserGuid());
        elgg_set_http_header("Content-Type: application/json;charset=utf-8");
        return elgg_ok_response($data);
    }