/** * 验证csrf token, 验证成功后删除 */ private function _validateCsrfToken() { $valid = false; $csrfSessionToken = $this->_session->getSession($this->_csrfTokenName); if (!empty($this->csrfToken) && !empty($csrfSessionToken) && $this->csrfToken == $csrfSessionToken) { if ($this->csrfToken === $csrfSessionToken) { $valid = true; } } if (!$valid) { throw new CException(array('asdfasfasf'), ''); } }