$session->CSRF() method

Return an instance of ProcessWire’s CSRF object, which provides an API for cross site request forgery protection.

Examples

// output somewhere in <form> markup when rendering a form
echo $session->CSRF->renderInput();
// when processing form (POST request), check to see if token is present
if($session->CSRF->hasValidToken()) {
  // form submission is valid
  // okay to process
} else {
  // form submission is NOT valid
  throw new WireException('CSRF check failed!');
}

Usage

$sessionCSRF = $session->CSRF();

Return value

See Also


$session methods and properties

API reference based on ProcessWire core version 3.0.185

Twitter updates

  • ProcessWire 3.0.192 (dev branch) contains 11 issue fixes and 5 pull requests, over 20 commits— More
    7 January 2022
  • ProcessWire 3.0.191 core updates: updates to the installer and the profile exporter module— More
    24 December 2021
  • This week ProcessWire went on a diet, trimming the core size from 15.5 MB down to 7.5 MB by moving optional site profiles into their own GitHub repos— More
    17 December 2021

Latest news

  • ProcessWire Weekly #402
    In the 402nd issue of ProcessWire Weekly we'll check out ProcessWire 3.0.193, highlight recent ProcessWire projects and resources, and more. Read on!
    Weekly.pw / 22 January 2022
  • ProcessWire 3.0.190 core updates
    ProcessWire 3.0.190 has 15 commits relative to 3.0.189 and contains a mixture of issue resolutions and feature additions. This post covers them all, in addition to updates for the PageAutosave and ProFields Table modules.
    Blog / 3 December 2021
  • Subscribe to weekly ProcessWire news

“…building with ProcessWire was a breeze, I really love all the flexibility the system provides. I can’t imagine using any other CMS in the future.” —Thomas Aull