function anonymous_token_form_alter in Anonymous CSRF Token 7

File

./anonymous_token.module, line 3

Code

function anonymous_token_form_alter(&$form, &$form_state, $form_id) {
  if (!isset($form['#token'])) {
    $form['anon_token'] = array(
      '#type' => 'token',
      '#default_value' => drupal_get_token(),
    );
    array_unshift($form['#validate'], 'anonymous_token_validate_anon_token');

    // store current session id
    // touching $_SESSION alone seems to preserve the session id after login
    $sess_id = session_id();
    if (isset($_SESSION)) {
      $_SESSION['anon_session_id'] = $sess_id;
    }
    else {
      $_SESSION = array(
        'anon_session_id' => $sess_id,
      );
    }
  }
}