protected static function set_token($reset = false) { // re-use old token when found (= not expired) and expiration is used (otherwise always reset) if (!$reset and static::$csrf_old_token and \Config::get('security.csrf_expiration', 0) > 0) { static::$csrf_token = static::$csrf_old_token; } else { static::$csrf_token = md5(uniqid() . time()); $expiration = \Config::get('security.csrf_expiration', 0); \Cookie::set(static::$csrf_token_key, static::$csrf_token, $expiration); } }
/** * Fetch CSRF Token from cookie * * @return string */ public static function fetch_token() { if (static::$csrf_token !== false) { return static::$csrf_token; } static::$csrf_token = \Input::cookie(static::$csrf_token_key, null); if (static::$csrf_token === null || \Config::get('security.csrf_expiration', 0) <= 0) { // set new token for next session when necessary static::regenerate_token(); } return static::$csrf_token; }