4.6.x common.inc drupal_get_token($value = '')
4.7.x common.inc drupal_get_token($value = '')
5.x common.inc drupal_get_token($value = '')
6.x common.inc drupal_get_token($value = '')
7.x common.inc drupal_get_token($value = '')

Generates a token based on $value, the user session, and the private key.


$value: An additional value to base the token on.

The generated token is based on the session ID of the current user. Normally, anonymous users do not have a session, so the generated token will be different on every page request. To generate a token for users without a session, manually start a session prior to calling this function.

Return value

string A 43-character URL-safe token for validation, based on the user session ID, the hash salt provided from drupal_get_hash_salt(), and the 'drupal_private_key' configuration variable.

See also


16 calls to drupal_get_token()
aggregator_view in modules/aggregator/aggregator.admin.inc
Displays the aggregator administration page.
batch_load in includes/batch.inc
Loads a batch from the database.
batch_process in includes/form.inc
Processes the batch.
comment_links in modules/comment/comment.module
Helper function, build links for an individual comment.
dashboard_admin in modules/dashboard/dashboard.module
Page callback: Displays the dashboard.

... See full list


includes/common.inc, line 5224
Common functions that many Drupal modules will need to reference.


function drupal_get_token($value = '') {
  return drupal_hmac_base64($value, session_id() . drupal_get_private_key() . drupal_get_hash_salt());


gapple’s picture

The value returned should always be 43 characters long

ufku’s picture

In drupal 8 use \Drupal::csrfToken()->get()