From c3072e8886a208c0414eec3b7afaa292615f6fda Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Simon=20Sessing=C3=B8?= Date: Fri, 10 Nov 2017 12:59:59 +0100 Subject: [PATCH] Csrf-token are now refreshed on each page-load to avoid timeout. --- src/Pecee/CsrfToken.php | 23 ++++++++++++++----- .../Http/Middleware/BaseCsrfVerifier.php | 5 +++- 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/src/Pecee/CsrfToken.php b/src/Pecee/CsrfToken.php index 0828279..87b47b5 100644 --- a/src/Pecee/CsrfToken.php +++ b/src/Pecee/CsrfToken.php @@ -1,4 +1,5 @@ token = $token; setcookie(static::CSRF_KEY, $token, time() + 60 * 120, '/'); } /** * Get csrf token + * @param string|null $defaultValue * @return string|null */ - public function getToken() + public function getToken($defaultValue = null) { - if ($this->hasToken() === true) { - return $_COOKIE[static::CSRF_KEY]; - } + $this->token = ($this->hasToken() === true) ? $_COOKIE[static::CSRF_KEY] : null; - return null; + return ($this->token !== null) ? $this->token : $defaultValue; + } + + /** + * Refresh existing token + */ + public function refresh() + { + if ($this->token !== null) { + $this->setToken($this->token); + } } /** diff --git a/src/Pecee/Http/Middleware/BaseCsrfVerifier.php b/src/Pecee/Http/Middleware/BaseCsrfVerifier.php index 6791029..7eb80d6 100644 --- a/src/Pecee/Http/Middleware/BaseCsrfVerifier.php +++ b/src/Pecee/Http/Middleware/BaseCsrfVerifier.php @@ -20,7 +20,7 @@ class BaseCsrfVerifier implements IMiddleware $this->csrfToken = new CsrfToken(); // Generate or get the CSRF-Token from Cookie. - $this->token = ($this->hasToken() === false) ? $this->generateToken() : $this->csrfToken->getToken(); + $this->token = $this->csrfToken->getToken($this->generateToken()); } /** @@ -73,6 +73,9 @@ class BaseCsrfVerifier implements IMiddleware } + // Refresh existing token + $this->csrfToken->refresh(); + } public function generateToken()
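Review bot: `refresh()` in CsrfToken.php re-sends whatever value `getToken()` copied out of `$_COOKIE[static::CSRF_KEY]`, so a client-supplied cookie value gets a new 120-minute lifetime on every page load without being checked or rotated. If validation compares the submitted token against this cookie (the validation code is not in the hunk), a value that was placed in the cookie from outside the application would keep being re-issued by the server. Consider checking the value's expected format before calling `setToken()` and passing the secure flag to `setcookie()`. The same applies to the `$this->csrfToken->refresh();` call added at the end of the BaseCsrfVerifier hunk. Separately, `getToken()` now assigns `$this->token = null` when the cookie is absent, which discards a token stored by `setToken()` earlier in the same request because `setcookie()` does not update `$_COOKIE`; assigning only inside `if ($this->hasToken() === true) { ... }` would avoid that.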
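Review bot: In the BaseCsrfVerifier constructor, `$this->generateToken()` now runs on every request, because PHP evaluates the argument before `getToken()` is called, whereas the removed ternary generated a token only when none existed. The body of `generateToken()` is outside the hunk; if it also stores the new token in the cookie, each request would send a Set-Cookie for a token that is then discarded in favour of the existing one. Keeping the call lazy avoids that: `$token = $this->csrfToken->getToken();` followed by `$this->token = ($token !== null) ? $token : $this->generateToken();`.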