Diffstat (limited to 'app/classes/CSRF.php')
-rw-r--r--app/classes/CSRF.php8
1 files changed, 7 insertions, 1 deletions
diff --git a/app/classes/CSRF.php b/app/classes/CSRF.php
index 3e23380..639f573 100644
--- a/app/classes/CSRF.php
+++ b/app/classes/CSRF.php
@@ -5,6 +5,9 @@ class CSRF
/** @var string */
const HMAC_ALGORITHM = 'sha1';
+ /** @var string */
+ const SESSION_KEY_NAME = '_csrf_key';
+
/**
* Ensure that a CSRF token is valid for a given action.
*
@@ -44,6 +47,9 @@ class CSRF
*/
public static function getKey()
{
- return session_id();
+ if (empty($_SESSION[self::SESSION_KEY_NAME])) {
+ $_SESSION[self::SESSION_KEY_NAME] = random_bytes(16);
+ }
+ return $_SESSION[self::SESSION_KEY_NAME];
}
}
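Review bot: The new getKey() changes when a CSRF key is invalidated, and neither the code nor the docblock above the hunk says so: the old key was session_id(), so session_regenerate_id() (typically called at login) implicitly invalidated every outstanding token, whereas the new key lives in session data and survives regeneration, only resetting when the session data itself is destroyed or the key is unset. That may well be the intent, but it should be stated; I would add above the `if` at line 28 the comment `// Lazily create a per-session key. It is stored in session data, so it survives session_regenerate_id() and is only reset when the session is destroyed or this entry is unset.` The method also now assumes session_start() has already run; if it has not, $_SESSION is just an ordinary array and a fresh key is created on every request, so tokens never validate — the docblock for getKey() (which ends at line 24, outside the hunk) should note that precondition. Finally, random_bytes(16) yields raw binary, which is fine as an HMAC key but must be encoded before any caller places it in HTML, headers or logs; if any such caller exists, bin2hex() at the call site or here would avoid that. The enclosing class CSRF starts before this hunk.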