createSessionToken('csrf'); } /** * Generate and store a reusable CSRF token * * @access public * @return string */ public function getReusableCSRFToken() { return $this->createSessionToken('pcsrf'); } /** * Check if the token exists for the current session (a token can be used only one time) * * @access public * @param string $token CSRF token * @return bool */ public function validateCSRFToken($token) { $tokens = session_get('csrf'); if (isset($tokens[$token])) { unset($tokens[$token]); session_set('csrf', $tokens); return true; } return false; } public function validateReusableCSRFToken($token) { $tokens = session_get('pcsrf'); if (isset($tokens[$token])) { return true; } return false; } protected function createSessionToken($key) { if (! session_exists($key)) { session_set($key, []); } $nonce = self::getToken(); session_merge($key, [$nonce => true]); return $nonce; } }