Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
Already on GitHub? Sign in to your account
Logout should only work as a POST request #124
and 1 other
commented on an outdated diff
Aug 26, 2012
|@@ -0,0 +1,29 @@|
|+use Zend\Validator\Csrf as CsrfValidator;|
|+class LogoutFilter extends ProvidesEventsInputFilter|
|+ public function __construct()|
|+ // Allow CSRF to timeout with session. Csrf element/validator uses 300 by default.|
|+ $sessionLifetime = ini_get("session.gc_maxlifetime");|
|+ $csrfValidator = new CsrfValidator(array('name' => 'csrf', 'timeout' => $sessionLifetime));|