Make form_key/csrf token regeneration configurable.

Luracast / Restler

Simple and effective multi-format Web API Server to host your PHP API as Pragmatic REST and/or RESTful API

http://luracast.com/products/restler/

GNU Lesser General Public License v2.1

1.36k stars 315 forks source link

Make form_key/csrf token regeneration configurable. #664

Closed RahulKumarSaini closed 3 years ago

RahulKumarSaini commented 3 years ago

Fix #662

This change will allow to make form_key/csrf token regeneration configurable. It will allow following two scheme for csrf token generation using boolean setting Form::$form_key_regenerate

New form_key/csrf token for every instance of a form.
Single form_key/csrf token for all instance of a form thought the entire session.

Default will be 1 scheme