$session->CSRF() method

Return an instance of ProcessWire’s CSRF object, which provides an API for cross site request forgery protection.

Examples

// output somewhere in <form> markup when rendering a form
echo $session->CSRF->renderInput();
// when processing form (POST request), check to see if token is present
if($session->CSRF->hasValidToken()) {
  // form submission is valid
  // okay to process
} else {
  // form submission is NOT valid
  throw new WireException('CSRF check failed!');
}

Usage

$sessionCSRF = $session->CSRF();

Return value

See Also


$session methods and properties

API reference based on ProcessWire core version 3.0.209

Twitter updates

  • Adding custom actions to ProcessWire image fields in the admin, part of this week’s dev branch additions: More
    27 January 2023
  • ProcessWire 3.0.210 new main/master version released— More
    6 January 2023
  • ProcessWire 3.0.209: Core updates and an interesting AI that knows ProcessWire– More
    30 December 2022

Latest news

  • ProcessWire Weekly #455
    In the 455th issue of ProcessWire Weekly we'll check out the latest core updates, introduce a new third party module called JkPublishPages, and more. Read on!
    Weekly.pw / 28 January 2023
  • ProcessWire 3.0.210 new main/master version
    140 commits, 55 resolved issues, dozens of new features, eight contributors, and five new pull requests make yet another great new version of ProcessWire.
    Blog / 6 January 2023
  • Subscribe to weekly ProcessWire news

“…building with ProcessWire was a breeze, I really love all the flexibility the system provides. I can’t imagine using any other CMS in the future.” —Thomas Aull