ivo/ponzi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Tweak the CSRF token a little more.

Browse Source
This commit is contained in:
Taylor Otwell
2011-11-03 09:21:27 -05:00
parent d0c3d65722
commit aa55f3441f
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
laravel/session.php
View File

@@ -37,13 +37,16 @@ class Session {
{
static::$exists = false;
static::$session = array('id' => Str::random(40), 'data' => array());
}
if ( ! static::has('csrf_token'))
{
// A CSRF token is stored in every session. The token is used by the
// Form class and the "csrf" filter to protect the application from
// cross-site request forgery attacks. The token is simply a long,
// random string which should be posted with each request.
$csrf_token = Str::random(40);
static::$session = array('id' => Str::random(40), 'data' => compact('csrf_token'));
static::put('csrf_token', Str::random(40));
}
}