true]); return $nonce; } /** * Check if the token exists for the current session (a token can be used only one time) * * @access public * @param string $token CSRF token * @return bool */ public function validateCSRFToken($token) { $tokens = session_get('csrf'); if (isset($tokens[$token])) { unset($tokens[$token]); session_set('csrf', $tokens); return true; } return false; } }