Laravel 5: Generating CSRF Session Tokens With csrf

By John Koster April 14, 2018

The csrf_token (cross-site request forgery token) function is a shortcut for retrieving the CSRF token from the session storage.

#CSRF Token

The CSRF token is stored in the session and is a random string 40 characters in length. It is generated using the str_random(40) function call.

#Signature

The signature of the csrf_token is:

1function csrf_token();

#Example Use

The following is an example of what the csrf_token function may output:

1// WGuFrjvm7keNGqDhhW8jVnyC3W6zUv9w4mPexw9N
2csrf_token();

The csrf_token function can also be used when generating HTML forms:

You can also use the csrf_field method to have this hidden input field generated for you automatically.

 1<!DOCTYPE html>
 2<html>
 3<head>
 4    <title>CSRF Token Form Sample</title>
 5</head>
 6<body>
 7    <form>
 8       <input type="hidden" name="_token"
 9              value="<?php echo csrf_token(); ?>"> 
10
11       <!-- Other form inputs here -->
12    </form>
13</body>
14</html>

∎

Up Next

Laravel 5: Generating HTTPS URLs With secure_url

The secure_url helper function generates secure, fully qualified URLs to a given path in Laravel. It can also add additi...

Laravel 5: Generating Paths Relative to the Application Installation Directory With base_path

Learn how to use the base_path function in Laravel to retrieve the path to the application's directory and construct rel...

Laravel 5: Generating Paths Relative to the Application Root With app_path

The app_path function in Laravel returns the full path to the application directory. The value returned depends on your...

Laravel 5: Generating Paths Relative to the Configuration Directory With config_path

The config_path function in Laravel retrieves the path to the config directory and can also be used to construct paths r...