By John Koster
The csrf_token
(cross-site request forgery token) function is a shortcut for retrieving the CSRF token from the session storage.
#CSRF Token
The CSRF token is stored in the session and is a random string 40 characters in length. It is generated using the str_random(40)
function call.
#Signature
The signature of the csrf_token
is:
1function csrf_token();
#Example Use
The following is an example of what the csrf_token
function may output:
1// WGuFrjvm7keNGqDhhW8jVnyC3W6zUv9w4mPexw9N
2csrf_token();
The csrf_token
function can also be used when generating HTML forms:
You can also use the csrf_field
method to have this hidden input field generated for you automatically.
1<!DOCTYPE html>
2<html>
3<head>
4 <title>CSRF Token Form Sample</title>
5</head>
6<body>
7 <form>
8 <input type="hidden" name="_token"
9 value="<?php echo csrf_token(); ?>">
10
11 <!-- Other form inputs here -->
12 </form>
13</body>
14</html>
∎