$session->CSRF() method

Return an instance of ProcessWire’s CSRF object, which provides an API for cross site request forgery protection.

Examples

// output somewhere in <form> markup when rendering a form
echo $session->CSRF->renderInput();
// when processing form (POST request), check to see if token is present
if($session->CSRF->hasValidToken()) {
  // form submission is valid
  // okay to process
} else {
  // form submission is NOT valid
  throw new WireException('CSRF check failed!');
}

Usage

$sessionCSRF = $session->CSRF();

Return value

See Also


$session methods and properties

API reference based on ProcessWire core version 3.0.135

Twitter updates

  • New post: A look at two new WireMail modules for sending email, plus details on how you can configure ProcessWire to use Gmail for sending email— More
    19 July 2019
  • New post: Version 3.0.135 of ProcessWire on the dev branch focuses on some .htaccess updates, adds clarity to debug mode, and improves upon the installer— More
    5 July 2019
  • ProcessWire 3.0.133 adds a useful new Page::meta() method for a new type of page-specific persistent data storage, adds the ability for users to create their own bookmarks in Lister, and has a handy and time saving update for the asmSelect input type— More
    14 June 2019

Latest news

  • ProcessWire Weekly #271
    In the 271st issue of ProcessWire Weekly we're going to introduce two brand new WireMail modules, a new Textformatter module from BitPoet, and a brand new markup module from Chris Thomson. Read on!
    Weekly.pw / 20 July 2019
  • Two new WireMail modules and using Gmail with PW
    A look at two new WireMail modules for sending email, plus details on how you can configure ProcessWire to use Gmail for sending email.
    Blog / 19 July 2019
  • Subscribe to weekly ProcessWire news

“…building with ProcessWire was a breeze, I really love all the flexibility the system provides. I can’t imagine using any other CMS in the future.” —Thomas Aull