function CsrfTokenGenerator::validate

Same name and namespace in other branches

9 core/lib/Drupal/Core/Access/CsrfTokenGenerator.php \Drupal\Core\Access\CsrfTokenGenerator::validate()
8.9.x core/lib/Drupal/Core/Access/CsrfTokenGenerator.php \Drupal\Core\Access\CsrfTokenGenerator::validate()
10 core/lib/Drupal/Core/Access/CsrfTokenGenerator.php \Drupal\Core\Access\CsrfTokenGenerator::validate()

Validates a token based on $value, the user session, and the private key.

Parameters

string $token: The token to be validated.

string $value: (optional) An additional value to base the token on.

Return value

bool TRUE for a valid token, FALSE for an invalid token.

File

core/lib/Drupal/Core/Access/CsrfTokenGenerator.php, line 84

Class

CsrfTokenGenerator: Generates and validates CSRF tokens.

Namespace

Drupal\Core\Access

Code

public function validate($token, $value = '') {
    $seed = $this->sessionMetadata
        ->getCsrfTokenSeed();
    if (empty($seed)) {
        return FALSE;
    }
    $value = $this->computeToken($seed, $value);
    // PHP 8.0 strictly type hints for hash_equals. Maintain BC until we can
    // enforce scalar type hints on this method.
    if (!is_string($token)) {
        return FALSE;
    }
    return hash_equals($value, $token);
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.

function CsrfTokenGenerator::validate

Parameters

Return value

File

Class

Namespace

Code

Search drupal 11.x

API Navigation

Breadcrumb

function CsrfTokenGenerator::validate

Parameters

Return value

File

Class

Namespace

Code

Search drupal 11.x

API Navigation