How can I check the CSRF token? (Phalcon 4.0.6)

Hi, I want to set a global CSRF value.

// baseController
$data['csrf'] = [
  'name' => $this->security->getTokenKey(),
  'value' => $this->security->getToken()
];

<!-- form -->
<input type="hidden" name="{{ $csrf['name'] }}" value="{{ $csrf['value'] }}">

// authController
$this->security->checkToken(); // false

But it is not working. Even when POST is requested, the value has changed and cannot be checked.

I set up the session in a service.

$di->setShared('session', function () {
    $session = new SessionManager();
    $files = new SessionAdapter([
        'savePath' => sys_get_temp_dir(),
    ]);
    $session->setAdapter($files);
    $session->start();

    return $session;
});

Does anyone know this?

Do you have more than 1 page open? Or are you somehow calling those functions more than once? Both of those functions regenerate every time they're called.

Hmmm... maybe that is true. I want to make a global CSRF token, so I put the CSRF code in baseController, because my sign-in form is a global popup. How can I make global CSRF code?



Accepted answer

You can store it in $_SESSION, and only generate it if it doesn't already exist.
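
One way to implement the suggestion in the accepted answer, as an added example that is not part of the original thread and not Phalcon's own code: plain PHP that creates the token once per session and reuses it on every render. The class name `SessionCsrf`, the `_csrf` session key and the `$session` array standing in for `$_SESSION` are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: a hypothetical helper, not Phalcon's Security component.
final class SessionCsrf
{
    private const KEY = '_csrf'; // assumed session slot name
    private array $store;

    // $store is the session array, normally $_SESSION after session_start().
    public function __construct(array &$store)
    {
        $this->store = &$store;
    }

    // Return the session's token, generating it only when none exists yet,
    // so every page and the global popup form render the same value.
    public function token(): string
    {
        if (!isset($this->store[self::KEY]) || !is_string($this->store[self::KEY])) {
            $this->store[self::KEY] = bin2hex(random_bytes(32));
        }
        return $this->store[self::KEY];
    }

    // Constant-time comparison; missing or non-string input never matches.
    public function check($submitted): bool
    {
        $expected = $this->store[self::KEY] ?? null;
        return is_string($expected) && is_string($submitted)
            && hash_equals($expected, $submitted);
    }

    // Drop the token when the privilege level changes (login, logout).
    public function rotate(): void
    {
        unset($this->store[self::KEY]);
    }
}

$session = []; // constructed stand-in for $_SESSION
$csrf = new SessionCsrf($session);
$first = $csrf->token();  // base controller renders the form
$second = $csrf->token(); // another tab or a second call in the same request
var_dump($first === $second, $csrf->check($first), $csrf->check('forged'));
$csrf->rotate();
var_dump($csrf->check($first)); // the old token, checked again after rotation
```

Because one token now covers every form in the session, call `rotate()` at sign-in and sign-out so a token issued before authentication is not carried into the authenticated session.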