function CsrfTokenGenerator::validate
Same name in other branches
- 9 core/lib/Drupal/Core/Access/CsrfTokenGenerator.php \Drupal\Core\Access\CsrfTokenGenerator::validate()
- 8.9.x core/lib/Drupal/Core/Access/CsrfTokenGenerator.php \Drupal\Core\Access\CsrfTokenGenerator::validate()
- 11.x core/lib/Drupal/Core/Access/CsrfTokenGenerator.php \Drupal\Core\Access\CsrfTokenGenerator::validate()
Validates a token based on $value, the user session, and the private key.
Parameters
string $token: The token to be validated.
string $value: (optional) An additional value to base the token on.
Return value
bool TRUE for a valid token, FALSE for an invalid token.
File
-
core/
lib/ Drupal/ Core/ Access/ CsrfTokenGenerator.php, line 84
Class
- CsrfTokenGenerator
- Generates and validates CSRF tokens.
Namespace
Drupal\Core\AccessCode
public function validate($token, $value = '') {
$seed = $this->sessionMetadata
->getCsrfTokenSeed();
if (empty($seed)) {
return FALSE;
}
$value = $this->computeToken($seed, $value);
// PHP 8.0 strictly type hints for hash_equals. Maintain BC until we can
// enforce scalar type hints on this method.
if (!is_string($token)) {
return FALSE;
}
return hash_equals($value, $token);
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.