public function testCSRFTokenValidateReturnsFalseForExpiredToken()
 {
     $secret = 'secret';
     $user = '******';
     $timeValidUntil = time() - 1;
     $token = SecurityUtil::csrfTokenGenerate($secret, $user, $timeValidUntil);
     $this->assertFalse(SecurityUtil::csrfTokenValidate($secret, $user, $token));
 }