Hi,
I would like to know how to secure a sensitive URI like "domain.name/user/delete/?id=28". I first thought I could use Phalcon\Security token generation and add it to URIs like this:
    class Url extends \Phalcon\Mvc\Url {
        public function get($uri = null, $args = null){
            $uri = parent::get($uri, $args);
            if(strpos($uri, '?') !== false){
                $uri .= '&';
            } else {
                $uri .= '?';
            }
            return $uri .= 'token=' . $this->getDI()->getShared('security')->getToken(32);
        }
    }
Then, in my controllers, I check it like this:
    $this->security->checkToken('token', $this->request->getQuery('token'))
But this doesn't seem to work; it returns false. I also tried to use getSessionToken, but both are different.
Can anyone help me?
Thanks ;)
EDIT: I even tried to create the token like this:
    $this->getDI()->getShared('security')->getTokenKey() . '=' . $this->getDI()->getShared('security')->getToken(32)
But it doesn't work either.
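
An added example, not part of the original post and not Phalcon's own code: a per-link token built in plain PHP as an HMAC of the URI under a per-session secret, so every link on a page carries its own token and each one verifies independently. The function names, the `url_secret` key and the `$session` array (standing in for `$_SESSION`) are assumptions made for illustration.

```php
<?php
// Added example: plain PHP, no Phalcon API. All names here are hypothetical.

// Per-session secret, created once and kept for the session's lifetime.
function sessionSecret(array &$session): string
{
    if (!isset($session['url_secret'])) {
        $session['url_secret'] = random_bytes(32);
    }
    return $session['url_secret'];
}

// Token = HMAC-SHA256 over the exact path and query string being protected.
function signUri(string $uri, array &$session): string
{
    $token = hash_hmac('sha256', $uri, sessionSecret($session));
    $sep = (strpos($uri, '?') !== false) ? '&' : '?';
    return $uri . $sep . 'token=' . $token;
}

// Recompute the HMAC over the URI without its token, compare in constant time.
function verifyUri(string $signedUri, array &$session): bool
{
    if (!preg_match('/^(.*)[?&]token=([0-9a-f]{64})$/', $signedUri, $m)) {
        return false; // token missing, malformed, or not the last parameter
    }
    $expected = hash_hmac('sha256', $m[1], sessionSecret($session));
    return hash_equals($expected, $m[2]);
}

// Constructed sample data: two links rendered on the same page.
$session = [];
$delete28 = signUri('/user/delete/?id=28', $session);
$delete29 = signUri('/user/delete/?id=29', $session);
var_dump(verifyUri($delete28, $session));
var_dump(verifyUri($delete29, $session));

// Token issued for id=28 replayed against id=29.
$token28 = substr($delete28, -64);
var_dump(verifyUri('/user/delete/?id=29&token=' . $token28, $session));

// Link presented under a different session.
$other = [];
var_dump(verifyUri($delete28, $other));
```

A token carried in the query string is recorded in server logs, browser history and Referer headers; sending the delete as a POST with the token in the request body keeps it out of those places.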