Exemplo n.º 1
 /**
  * Checks that a form post is rejected once the session that issued its
  * CSRF token has been emptied.
  *
  * The expectation for NeechyCsrfError is registered just before the second
  * NeechySecurity::prevent_csrf() call. At that point the token is still in
  * $_POST, but session_unset() has removed every session variable, so no
  * server-side copy is left to match it against.
  *
  * NOTE(review): how prevent_csrf() decides that a request is a post, and how
  * it compares the two tokens, is not visible here - confirm against
  * NeechySecurity.
  * NOTE(review): $_POST and $_SESSION are modified and not restored in this
  * method; presumably setUp()/tearDown() resets them - confirm, otherwise the
  * posted token carries over into later tests.
  */
 public function testThatExpiredCSRFSessionRaisesError()
 {
     # Create CSRF token (no post yet so doesn't authenticate)
     NeechySecurity::prevent_csrf();
     # Simulate POST form rendered with valid CSRF token
     # (reads the token from $_SESSION['csrf_token'], so the first call is
     # expected to have stored it under that key)
     $_POST['csrf_token'] = $_SESSION['csrf_token'];
     # Simulate SESSION expiring before form posted: session_unset() clears
     # all session variables, including the stored token
     session_unset();
     # Simulate form post: the stale token in $_POST must now be refused
     $this->setExpectedException('NeechyCsrfError');
     NeechySecurity::prevent_csrf();
 }
Exemplo n.º 2
 /**
  * Serves one request: starts the session, runs the CSRF check, loads the
  * request, validates the environment, dispatches to the handler and sends
  * the resulting response.
  *
  * Any NeechyError thrown along the way is turned into a response by
  * ErrorHandler instead of propagating to the caller.
  */
 public function serve()
 {
     try {
         # The CSRF check runs before the request is loaded and before any
         # handler is selected, so a request that fails it never reaches
         # handler code.
         NeechySecurity::start_session();
         NeechySecurity::prevent_csrf();

         $this->request = NeechyRequest::load();
         $this->validate_environment();
         $reply = $this->load_handler()->handle();
     } catch (NeechyError $failure) {
         # NOTE(review): if start_session() or prevent_csrf() threw, the
         # assignment above never ran and ErrorHandler receives whatever
         # $this->request held before - confirm it tolerates that.
         # NOTE(review): a CSRF failure is only handled here if its exception
         # class extends NeechyError - verify.
         $errorHandler = new ErrorHandler($this->request);
         $reply = $errorHandler->handle_error($failure);
     }

     $reply->send_headers();
     $reply->render();
 }