I am trying to add some security to the forms on my website. One of the forms uses AJAX and the other is a straightforward "contact us" form. I'm trying to add a CSRF tok
Security Warning:
md5(uniqid(rand(), TRUE)) is not a secure way to generate random numbers. See this answer for more information and a solution that leverages a cryptographically secure random number generator.
Looks like you need an else with your if.
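// Assumes session_start() has already been called.
if (!isset($_SESSION['token'])) {
    // No token yet: create one and record when it was issued.
    $token = md5(uniqid(rand(), TRUE));
    $_SESSION['token'] = $token;
    $_SESSION['token_time'] = time();
} else {
    // Token already exists: reuse it instead of leaving $token unset.
    $token = $_SESSION['token'];
}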
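
The following is an added example, not part of the original answer: it combines the if/else reuse shown above with the cryptographically secure generator the warning calls for, and adds the server-side check. The function names `csrf_token` and `csrf_verify`, the `CSRF_TTL` constant and its one-hour value are assumptions made for illustration; a plain array stands in for `$_SESSION` so the script runs from the command line.

```php
<?php
// Added example, not from the original answer. Function names and the
// one-hour lifetime are assumptions chosen for illustration.
const CSRF_TTL = 3600; // assumed token lifetime in seconds

// Return the session's CSRF token, creating one only if none exists or
// the stored one has expired (otherwise reuse it, as in the else branch).
function csrf_token(array &$session, int $now): string
{
    $expired = isset($session['token_time'])
        && ($now - $session['token_time']) > CSRF_TTL;
    if (!isset($session['token']) || $expired) {
        // random_bytes() draws from the OS CSPRNG (PHP 7+), unlike
        // md5(uniqid(rand(), TRUE)), which is predictable.
        $session['token'] = bin2hex(random_bytes(32));
        $session['token_time'] = $now;
    }
    return $session['token'];
}

// Check a submitted token against the session copy.
function csrf_verify(array $session, $submitted, int $now): bool
{
    if (!isset($session['token'], $session['token_time'])
        || !is_string($submitted)) {
        return false; // nothing issued, or a non-string (e.g. array) input
    }
    if (($now - $session['token_time']) > CSRF_TTL) {
        return false; // token is older than the allowed lifetime
    }
    // hash_equals() compares in constant time to avoid timing leaks.
    return hash_equals($session['token'], $submitted);
}

// Constructed demo: a plain array stands in for $_SESSION.
$session = [];
$now = time();
$token = csrf_token($session, $now);
var_dump($token === csrf_token($session, $now));              // second call reuses the token
var_dump(csrf_verify($session, $token, $now));                // matching token
var_dump(csrf_verify($session, str_repeat('0', 64), $now));   // wrong token
var_dump(csrf_verify($session, $token, $now + CSRF_TTL + 1)); // expired token
```

In a real page, pass `$_SESSION` and `time()` after `session_start()`, and compare against the value posted by the form or sent with the AJAX request.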