csrfProtector::refreshToken PHP Method

csrfProtector Class Documentation Usage Examples Of csrfProtector::refreshToken Exibir arquivo Open project: nilsteampassnet/TeamPass

refreshToken() public static method

Parameters: void Returns: void

public static refreshToken ( )

        public static function refreshToken()
        {
            $token = self::generateAuthToken();
            if (!isset($_SESSION[self::$config['CSRFP_TOKEN']]) || !is_array($_SESSION[self::$config['CSRFP_TOKEN']])) {
                $_SESSION[self::$config['CSRFP_TOKEN']] = array();
            }
            //set token to session for server side validation
            array_push($_SESSION[self::$config['CSRFP_TOKEN']], $token);
            //set token to cookie for client side processing
            setcookie(self::$config['CSRFP_TOKEN'], $token, time() + self::$cookieExpiryTime);
        }

Usage Example

Exemplo n.º 1

Exibir arquivo

Arquivo: csrfprotector_test.php Projeto: Hackstill/CSRF-Protector-PHP

 /**
  * Function to check refreshToken() functionality
  */
 public function testRefreshToken()
 {
     $val = $_SESSION[csrfprotector::$config['CSRFP_TOKEN']] = $_COOKIE[csrfprotector::$config['CSRFP_TOKEN']] = '123abcd';
     csrfProtector::$config['tokenLength'] = 20;
     csrfProtector::refreshToken();
     $this->assertTrue(strcmp($val, $_SESSION[csrfprotector::$config['CSRFP_TOKEN']]) != 0);
     $this->assertTrue(csrfP_wrapper::checkHeader('Set-Cookie'));
     $this->assertTrue(csrfP_wrapper::checkHeader('csrfp_token'));
     $this->assertTrue(csrfp_wrapper::checkHeader($_SESSION[csrfprotector::$config['CSRFP_TOKEN']]));
 }

csrfProtector

authorizePost

failedValidationAction

generateAuthToken

getCurrentUrl

init

isURLallowed

isValidToken

logCSRFattack

ob_handler

refreshToken