SessionCSRF class

Provides an API for cross site request forgery protection.

// output somewhere in form markup when rendering a form
echo $session->CSRF->renderInput();
// when processing form (POST request), check to see if token is present
if($session->CSRF->hasValidToken()) {
  // form submission is valid
  // okay to process
} else {
  // form submission is NOT valid
  throw new WireException('CSRF check failed!');
}
// this alternative to hasValidToken() throws WireCSRFException when invalid
$session->CSRF->validate(); 

Click any linked item for full usage details and examples. Hookable methods are indicated with the icon. In addition to those shown below, the SessionCSRF class also inherits all the methods and properties of: Wire.

Show class?             Show args?        

Initiating

NameReturnSummary 
SessionCSRF::getSingleUseToken()
arrayGet a CSRF Token name and value that can only be used once 
SessionCSRF::getToken()
arrayGet a CSRF Token name and value 
SessionCSRF::getTokenName()
stringGet a CSRF Token name, or create one if it doesn't yet exist 
SessionCSRF::getTokenTime()
stringGet a CSRF Token timestamp 
SessionCSRF::getTokenValue()
stringGet a CSRF Token value as stored in the session, or create one if it doesn't yet exist 
SessionCSRF::renderInput()
stringRender a form input[hidden] containing the token name and value, as looked for by hasValidToken() 

Validating

NameReturnSummary 
SessionCSRF::hasValidToken()
boolReturns true if the current POST request contains a valid CSRF token, false if not 
SessionCSRF::validate()
boolThrows an exception if the token is invalid 

Resetting

Additional methods and properties

In addition to the methods and properties above, SessionCSRF also inherits the methods and properties of these classes:

API reference based on ProcessWire core version 3.0.185

Twitter updates

  • ProcessWire 3.0.192 (dev branch) contains 11 issue fixes and 5 pull requests, over 20 commits— More
    7 January 2022
  • ProcessWire 3.0.191 core updates: updates to the installer and the profile exporter module— More
    24 December 2021
  • This week ProcessWire went on a diet, trimming the core size from 15.5 MB down to 7.5 MB by moving optional site profiles into their own GitHub repos— More
    17 December 2021

Latest news

  • ProcessWire Weekly #402
    In the 402nd issue of ProcessWire Weekly we'll check out ProcessWire 3.0.193, highlight recent ProcessWire projects and resources, and more. Read on!
    Weekly.pw / 22 January 2022
  • ProcessWire 3.0.190 core updates
    ProcessWire 3.0.190 has 15 commits relative to 3.0.189 and contains a mixture of issue resolutions and feature additions. This post covers them all, in addition to updates for the PageAutosave and ProFields Table modules.
    Blog / 3 December 2021
  • Subscribe to weekly ProcessWire news

“To Drupal, or to ProcessWire? The million dollar choice. We decided to make an early switch to PW. And in retrospect, ProcessWire was probably the best decision we made. Thanks are due to ProcessWire and the amazing system and set of modules that are in place.” —Unni Krishnan, Founder of PigtailPundits