SynchronizerTokenProvider
in package
implements
TokenProviderInterface
Uses
BadExpireTrait, BadStorageSizeTrait, BadTokenLengthTrait, SessionNotStartedTrait
CSRF random (aka Synchronizer) token pattern provider.
A random token with the expire time in this type of tokek, the token with the time are stored in session but only the token is returned.
The difficulty about guess the token is proportional to his length, the formula is 1/16^(token_length*2).
Using a token of 16 byte means 1/16^(16*2), 1/16^32.
Who tray to guess the token has
a possibility of 1/(a number greater than the number of atoms in universe).
Interfaces, Classes, Traits and Enums
- TokenProviderInterface
- Token provider interface.
Table of Contents
- __construct() : mixed
- Class constructor.
- getToken() : string
- Return new Synchronizer based Token.
- validate() : bool
- Validate Synchronizer based Token.
Methods
__construct()
Class constructor.
public
__construct([int $expire = 600 ][, int $storageSize = 10 ][, int $tokenLength = 32 ]) : mixed
Parameters
- $expire : int = 600
-
Token validity in seconds, default 600 -> 10 minutes.
- $storageSize : int = 10
-
Maximum token stored in session.
- $tokenLength : int = 32
-
The desidered token length in bytes, token will be the double in chars.
Tags
Return values
mixed —getToken()
Return new Synchronizer based Token.
public
getToken() : string
Return values
string —The token in hex format.
validate()
Validate Synchronizer based Token.
public
validate(string $token) : bool
Parameters
- $token : string
-
Token must be validated, hex format.
Return values
bool —True if the token is valid, false otherwise.