Csrf-token are now refreshed on each page-load to avoid timeout.

2026-06-17 00:37:52 +00:00 · 2017-11-10 12:59:59 +01:00
parent 97753f5370
commit c3072e8886
2 changed files with 21 additions and 7 deletions
@@ -20,7 +20,7 @@ class BaseCsrfVerifier implements IMiddleware
        $this->csrfToken = new CsrfToken();

        // Generate or get the CSRF-Token from Cookie.
-        $this->token = ($this->hasToken() === false) ? $this->generateToken() : $this->csrfToken->getToken();
+        $this->token = $this->csrfToken->getToken($this->generateToken());
    }

    /**
@@ -73,6 +73,9 @@ class BaseCsrfVerifier implements IMiddleware

        }

+        // Refresh existing token
+        $this->csrfToken->refresh();
+
    }

    public function generateToken()