csrf token

10/12/2020 9:45:08 PM
PHPRunner General questions
brito author

Good night.
I need help with the security of my application.

How do I deploy a CSRF token in PHPRunner?

HJB 10/13/2020

https://xlinesoft.com/phprunner/docs/session_keys.htm
For inspiration ...
P.S. Above is only "static", yet CSRF requires "dynamic" (random), so,

1.) Creation of token:

$_SESSION['_csrf_token'] = base64_encode(random_bytes(16));

2.) Partial issuance of form:

<form method="post">
<!-- further elements -->
<input type="hidden" name="_csrf_token" value="<?php echo htmlspecialchars($_SESSION['_csrf_token'], ENT_QUOTES, 'UTF-8'); ?>" />
</form>

3.) Incoming form check:

$postToken = ($_POST['_csrf_token'] ?? null);

// hash_equals() compares in constant time and avoids PHP's loose "!=" comparison
if (!is_string($postToken) || !hash_equals($_SESSION['_csrf_token'] ?? '', $postToken)) {
    throw new \InvalidArgumentException('Wrong CSRF-Token');
}


@admin: Once session-deleting code is added to the above, sending of multiple forms can be prohibited.
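The three steps above, put together as one small helper, as an added example that is not code from the thread or from PHPRunner. Function names (csrf_token, csrf_field, csrf_verify) are hypothetical; the token is compared in constant time and rotated after each check, which also covers the "multiple forms" point.

```php
<?php
// Added example (not from the thread or PHPRunner): per-session CSRF token
// that is generated, embedded in a form, verified in constant time and then
// rotated so one token cannot be submitted twice.
declare(strict_types=1);

function csrf_start_session(): void {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // Cookie flags (PHP 7.3+ array form) reduce the session's exposure.
        session_set_cookie_params([
            'httponly' => true, 'secure' => true, 'samesite' => 'Lax',
        ]);
        session_start();
    }
}

// Returns the current token, creating one if the session has none.
function csrf_token(): string {
    csrf_start_session();
    if (empty($_SESSION['_csrf_token'])) {
        $_SESSION['_csrf_token'] = bin2hex(random_bytes(32)); // 64 hex chars
    }
    return $_SESSION['_csrf_token'];
}

// Hidden field for the form; the value is HTML-escaped before output.
function csrf_field(): string {
    return '<input type="hidden" name="_csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '" />';
}

// Validates a submitted token. hash_equals() avoids timing leaks and the
// loose "!=" comparison; the token is removed afterwards (one-time use),
// so a second submission of the same form is rejected.
function csrf_verify(array $post): bool {
    csrf_start_session();
    $expected = $_SESSION['_csrf_token'] ?? '';
    $given    = $post['_csrf_token'] ?? '';
    $ok = is_string($given) && $expected !== '' && hash_equals($expected, $given);
    unset($_SESSION['_csrf_token']);   // invalidate regardless of outcome
    return $ok;
}

// In the form page, echo csrf_field() inside the <form method="post"> element.
// In the POST handler, reject the request before any state change:
if ($_SERVER['REQUEST_METHOD'] === 'POST' && !csrf_verify($_POST)) {
    http_response_code(403);
    exit('Wrong CSRF-Token');
}
```

Because the token is dropped after every check, a page that holds several forms open at once needs a fresh token (a new call to csrf_field()) after each submission.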

Sergey Kornilov admin 10/13/2020

PHPRunner 10.4 comes with built-in CSRF protection.