-
Notifications
You must be signed in to change notification settings - Fork 0
Token
graphidev edited this page Nov 26, 2013
·
1 revision
The Token class allow you to generate and check tokens in order to secure your web application.
As you can use multiple tokens in a same action, a token ID is required for each token you will generate and check. The token lifetime will always be defined at the verification step.
The following method will generate a unique token key, keep it in a session and return it key.
$token = Token::generate('my_token_id'); // e.g: ad31b2bc7bef5d961d3be53622794c92d3eb18f052945726167a5
The token verification need a parameter which is the token ID.
$is_authorized = Token::generate('my_token_id');
The token lifetime is defined by the tokens lifetime constant (in /var/settings.php). But you can set a particular lifetime in this method as following :
$is_authorized = Token::generate('my_token_id', 120); // This token will expire after 2 minutes
Don't forget to destroy generated tokens in order to disallow multiple requests.
Token::destroy('my_token_id'); // This token will no more be available