function __construct() { $this->_session = new CHttpSession(); $this->_session->start(); //session start $this->_cookie = new CHttpCookie(); $this->_csrfTokenName = $this->_actionName . '_anti_csrf_token'; $this->_inJectParams(); //http 参数注入 $saveModuleConfig = CFactory::loadConfig('safeModuleConfig'); if ($this->_config['csrfTokenValid'] && $this->getRequestType() != 'GET') { //csrf token验证, get请求不需处理 if (isset($saveModuleConfig['csrfTokenValid']) && $saveModuleConfig['csrfTokenValid'] == 0) { //绕过csrf token验证 } else { $this->_validateCsrfToken(); } } }