private static function generateCsrfToken() { $length = 32; $bytes = openssl_random_pseudo_bytes(($length + 1) / 2); $hex = bin2hex($bytes); return substr(base64_encode($hex), 0, $length); }