I'm trying to understand the use behind the CSRF token, which I understand is for security. I'm working on a custom script and I'm trying to understand its use and how to validate it.
From what I can see, I've had no issue obtaining it via this bit of code:
Code:
$token = \XF::app()['csrf.token'];
So I'm pulling it and then passing it via a form in a hidden format, but it seems like it updates with every page refresh, and I can't get it to match when I pass it because the value has already changed to a new one. Is that not the spirit it was intended for, or am I missing something? I appreciate any guidance anyone might be able to provide. Everything else has been pretty straightforward but I'm trying to tighten up a few things and I'd like to finally master this one, so thank you in advance to anyone who can help me figure this one out.