function CsrfTokenGenerator::get

Same name in other branches
  1. 9 core/lib/Drupal/Core/Access/CsrfTokenGenerator.php \Drupal\Core\Access\CsrfTokenGenerator::get()
  2. 8.9.x core/lib/Drupal/Core/Access/CsrfTokenGenerator.php \Drupal\Core\Access\CsrfTokenGenerator::get()
  3. 11.x core/lib/Drupal/Core/Access/CsrfTokenGenerator.php \Drupal\Core\Access\CsrfTokenGenerator::get()

Generates a token based on $value, the user session, and the private key.

The generated token is based on the session of the current user. Normally, anonymous users do not have a session, so the generated token will be different on every page request. To generate a token for users without a session, manually start a session prior to calling this function.

Parameters

string $value: (optional) An additional value to base the token on.

Return value

string A 43-character URL-safe token for validation, based on the token seed, the hash salt provided by Settings::getHashSalt(), and the 'drupal_private_key' configuration variable.

See also

\Drupal\Core\Site\Settings::getHashSalt()

\Symfony\Component\HttpFoundation\Session\SessionInterface::start()

File

core/lib/Drupal/Core/Access/CsrfTokenGenerator.php, line 63

Class

CsrfTokenGenerator
Generates and validates CSRF tokens.

Namespace

Drupal\Core\Access

Code

public function get($value = '') {
    $seed = $this->sessionMetadata
        ->getCsrfTokenSeed();
    if (empty($seed)) {
        $seed = Crypt::randomBytesBase64();
        $this->sessionMetadata
            ->setCsrfTokenSeed($seed);
    }
    return $this->computeToken($seed, $value);
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.