AntiForgery Class
Definition
Namespace: DafCore
Phar: DafCore.phar
Cross-site request forgery is an attack against web-hosted apps whereby a malicious web app can influence the interaction between a client browser and a web app that trusts that browser. These attacks are possible because web browsers send some types of authentication tokens automatically with every request to a website. This form of exploit is also known as a one-click attack or session riding because the attack takes advantage of the user's previously authenticated session. Cross-site request forgery is also known as XSRF or CSRF.
Constructor
__construct(Session $session, Request $request)
- Session $session - class that handles the current session.
- Request $request - class that handles the current request.
Methods
function RegisterToken() : void
Registers an AntiForgery token in the current session.
function GetToken() : string
Gets the AntiForgery token from the current session.
function ValidateToken() : bool
Validates the AntiForgery token of the current session against the token sent with the request.
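The session-token check that these three methods describe, as an added stand-alone sketch that is not DafCore's own code. The class name `SketchAntiForgery`, the `ArrayObject` session, the array request body and the `_token` field name are assumptions made for illustration; DafCore's `Session` and `Request` classes are not used.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in (PHP 8.0+), not DafCore's implementation: the session is
// an ArrayObject and the request body a plain array, so the sketch runs offline.
final class SketchAntiForgery
{
    private const KEY = '_token'; // assumed session key and form field name

    public function __construct(private ArrayObject $session, private array $request) {}

    // Store a fresh 256-bit random token in the session.
    public function RegisterToken(): void
    {
        $this->session[self::KEY] = bin2hex(random_bytes(32));
    }

    // Return the session token, or '' if none was registered.
    public function GetToken(): string
    {
        return $this->session[self::KEY] ?? '';
    }

    // True only when both tokens are non-empty strings and match.
    public function ValidateToken(): bool
    {
        $expected  = $this->GetToken();
        $submitted = $this->request[self::KEY] ?? '';
        // Reject missing tokens and non-string input such as _token[]=x.
        if ($expected === '' || !is_string($submitted) || $submitted === '') {
            return false;
        }
        return hash_equals($expected, $submitted); // constant-time comparison
    }
}

// Constructed sample data: one session, four incoming request bodies.
$session = new ArrayObject();
$issuer  = new SketchAntiForgery($session, []);
$issuer->RegisterToken();

$cases = [
    'form post with token'      => ['_token' => $issuer->GetToken()],
    'cross-site post, no token' => [],
    'wrong token'               => ['_token' => str_repeat('0', 64)],
    'array-typed token'         => ['_token' => ['x']],
];
foreach ($cases as $label => $body) {
    $ok = (new SketchAntiForgery($session, $body))->ValidateToken();
    printf("%-28s %s\n", $label, $ok ? 'accepted' : 'rejected');
}
```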