April 14, 2018 —John Koster
The csrf_token (cross-site request forgery token) function is a shortcut for retrieving the CSRF token from the session storage.
The CSRF token is stored in the session and is a random string 40 characters in length. It is generated using the str_random(40) function call.
The signature of the csrf_token is:
1function csrf_token();The following is an example of what the csrf_token function may output:
1// WGuFrjvm7keNGqDhhW8jVnyC3W6zUv9w4mPexw9N2csrf_token();The csrf_token function can also be used when generating HTML forms:
You can also use the csrf_field method to have this hidden input field generated for you automatically.
1<!DOCTYPE html> 2<html> 3<head> 4 <title>CSRF Token Form Sample</title> 5</head> 6<body> 7 <form> 8 <input type="hidden" name="_token" 9 value="<?php echo csrf_token(); ?>">10 11 <!-- Other form inputs here -->12 </form>13</body>14</html>∎