// Open (or resume) the session so the token can be kept server-side.
session_start();

// random_bytes() reads from the system CSPRNG; 32 bytes hex-encode to a
// 64-character token stored under the 'token' session key.
$rawBytes = random_bytes(32);
$_SESSION['token'] = bin2hex($rawBytes);
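// Resume the session that holds the previously issued token.
session_start();

// $token is the value submitted with the request; it is defined outside this
// snippet, so treat it as untrusted and possibly missing or not a string.
$expected  = $_SESSION['token'] ?? null;
$submitted = $token ?? null;

// hash_equals() compares in constant time, so the check does not reveal how
// many leading characters matched. It only accepts strings, hence the type
// checks first; a missing value on either side is treated as invalid.
if (is_string($expected) && is_string($submitted) && hash_equals($expected, $submitted)) {
    // Token is valid
} else {
    // Token is invalid
}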
use Illuminate\Support\Str;

// Laravel helper: returns a random alphanumeric string of the requested
// length (32 characters here).
$token = Str::random(32);
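use Closure; // imported so the type hint resolves inside a namespaced middleware class
use Illuminate\Http\Request;

/**
 * Reject the request unless it carries the token stored in the session.
 *
 * @param  \Illuminate\Http\Request  $request  Incoming request; the token is read from its `token` input.
 * @param  \Closure  $next  Next handler in the middleware pipeline.
 * @return mixed  Whatever the next handler returns.
 */
public function handle(Request $request, Closure $next)
{
    $token    = $request->input('token');
    $expected = $request->session()->get('token');

    // A plain `!==` lets the request through when both values are null
    // (no token in the session and none in the request), so require a
    // non-empty stored token and a string input before comparing.
    // The input can also arrive as an array, which hash_equals() rejects.
    $valid = is_string($expected)
        && $expected !== ''
        && is_string($token)
        && hash_equals($expected, $token); // constant-time comparison

    if (!$valid) {
        abort(403, 'Unauthorized');
    }

    return $next($request);
}

In this example, we use the `input` method to retrieve the token value from the request, and the `get` method to retrieve the stored session token. The two values are compared with `hash_equals`. If either value is missing or the two values do not match, the middleware returns a 403 HTTP error. Otherwise, it allows the request to proceed.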