Solved thread

This post is marked as solved. If you think the information contained on this thread must be part of the official documentation, please contribute submitting a pull request to its repository.

how to use security token

I tried phalcon framework(2.0.8) Phalcon/Security,
I am in trouble without token fitting it.

I tried it in the next procedure. (This source uploaded https://github.com/nakanek/phalcon_security_test

  1. create project by phalcon DevTools(2.0.8)
phalcon project phalcon
  1. edit app/config/service.php
$di->setShared('logger', function() use ($config) {
    $formatter = new \Phalcon\Logger\Formatter\Line('%date% %type%  %message%');
    $logger = new \Phalcon\Logger\Adapter\File('../phalcon.log');
    $logger->setLogLevel(\Phalcon\Logger::DEBUG);
    $logger->setFormatter($formatter);
    return $logger;
});

/**
 * Start the session the first time some component request the session service
 */
$di->setShared('session', function () {
    $session = new Phalcon\Session\Adapter\Libmemcached(array(
        'servers' => array(
            array('host' => 'localhost', 'port' => 11211, 'weight' => 1),
        ),
        'client' => array(
            Memcached::OPT_HASH => Memcached::HASH_MD5,
            Memcached::OPT_PREFIX_KEY => 'prefix.',
        ),
       'lifetime' => 3600,
       'prefix' => 'my_'
    ));
    $session->start();

    return $session;
});

$di->set('security', function() {
    $security = new \Phalcon\Security();
    $security->setWorkFactor(12);
    return $security;
}, true);
  1. append app/views/index/index.volt
<div>
<a href="/index/tokencheck?token={{ security.getToken() }}">token check</a>
</div>
  1. edit app/controllers/IndexController.php
    public function indexAction()
    {
        $this->logger->debug('call indexAction');
    }

    public function tokencheckAction()
    {
        $this->view->sessionToken = $this->security->getSessionToken();
        $this->view->token = $this->request->getQuery('token', null, null);
    }
  1. append app/views/index/tokencheck.volt
<div>sessionToken:{{ sessionToken }}</div>
<div>token:{{ token }}</div>

access / and click token check.
I hope that it becomes token equals sessionToken.
but result is

sessionToken:SfVRGoK1MY3GAVD
token:aYFN1Qa5SG8xvr1o

In addition, I was begun to write in log as follows.

Sun, 27 Dec 15 00:48:49 +0900 DEBUG  call indexAction
Sun, 27 Dec 15 00:48:50 +0900 DEBUG  call indexAction

indexAction called twice for some reason. . .?



767
edited Dec '15

favicon access and CSS and images tend to make the index be called twice when the route is setup too loosely.

I added public/favicon.ico and tried again.

Then token became same as sessionToken.

sessionToken:6HSc2hlsXiBozAxN
token:6HSc2hlsXiBozAxN

Thanks you.