SessionCSRF class

Provides an API for cross site request forgery protection.

// output somewhere in form markup when rendering a form
echo $session->CSRF->renderInput();
// when processing form (POST request), check to see if token is present
if($session->CSRF->hasValidToken()) {
  // form submission is valid
  // okay to process
} else {
  // form submission is NOT valid
  throw new WireException('CSRF check failed!');
}
// this alternative to hasValidToken() throws WireCSRFException when invalid
$session->CSRF->validate(); 

Click any linked item for full usage details and examples. Hookable methods are indicated with the icon. In addition to those shown below, the SessionCSRF class also inherits all the methods and properties of: Wire.

Show class?             Show args?        

Initiating

NameReturnSummary 
SessionCSRF::getSingleUseToken()
arrayGet a CSRF Token name and value that can only be used once 
SessionCSRF::getToken()
arrayGet a CSRF Token name and value 
SessionCSRF::getTokenName()
stringGet a CSRF Token name, or create one if it doesn't yet exist 
SessionCSRF::getTokenTime()
stringGet a CSRF Token timestamp 
SessionCSRF::getTokenValue()
stringGet a CSRF Token value as stored in the session, or create one if it doesn't yet exist 
SessionCSRF::renderInput()
stringRender a form input[hidden] containing the token name and value, as looked for by hasValidToken() 

Validating

NameReturnSummary 
SessionCSRF::hasValidToken()
boolReturns true if the current POST request contains a valid CSRF token, false if not 
SessionCSRF::validate()
boolThrows an exception if the token is invalid 

Resetting

Additional methods and properties

In addition to the methods and properties above, SessionCSRF also inherits the methods and properties of these classes:

API reference based on ProcessWire core version 3.0.148

Twitter updates

  • Weekly update for Jan 10, 2020—front-end file uploads in LoginRegisterPro with InputfieldFrontendFile module: More
    10 January 2020
  • If you haven't seen it yet, be sure to check out this great infographic by @teppokoivula in ProcessWire Weekly #294— How ProcessWire professionals work—the results of our recent weekly polls summarised: weekly.pw/issue/294/#how…
    3 January 2020
  • Today we have a new master version released, 3.0.148! There are 25 new versions worth of upgrades, fixes and optimizations in this new master version, relative to the previous. In this post we take a closer look at what’s new, how to upgrade, & more— More
    3 January 2020

Latest news

  • ProcessWire Weekly #298
    In the 298th issue of ProcessWire Weekly we're going to take a quick look at the latest core updates, introduce the PWGeeks project, and highlight some recently released ProcessWire content. Read on!
    Weekly.pw / 25 January 2020
  • ProcessWire 3.0.148 new master
    Today we have a new master version released, version 3.0.148! The last master version was 3.0.123, so there are 25 new versions worth of upgrades, fixes and optimizations in this new master version, relative to the previous. In this post we’ll take a closer look at what’s new, how to upgrade, and more.
    Blog / 3 January 2020
  • Subscribe to weekly ProcessWire news

“We chose ProcessWire because of its excellent architecture, modular extensibility and the internal API. The CMS offers the necessary flexibility and performance for such a complex website like superbude.de. ProcessWire offers options that are only available for larger systems, such as Drupal, and allows a much slimmer development process.” —xport communication GmbH