public function AnonymousCsrfTokenGenerator::validate in Anonymous CSRF Token 2.x

To enforce single-use CSRF tokens, the CSRF token seed is reset after a successful match.

Overrides CsrfTokenGenerator::validate

File

src/Access/AnonymousCsrfTokenGenerator.php, line 81

Class

AnonymousCsrfTokenGenerator
Class AnonymousCsrfTokenGenerator.

Namespace

Drupal\anonymous_token\Access

Code

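public function validate($token, $value = '') {
  // Let the parent CsrfTokenGenerator check the token against the current seed.
  $valid = parent::validate($token, $value);
  // Single use: after a match for an anonymous user, and only when the
  // force_single_use setting is on, clear the seed so the token cannot be reused.
  if ($valid === TRUE && $this->currentUser->isAnonymous() && (bool) $this->config->get('force_single_use') === TRUE) {
    $this->sessionMetadata->clearCsrfTokenSeed();
  }
  return $valid;
}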
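
The seed reset described above, as an added example that is not code from the module or from Drupal core: a simplified model which assumes a token is an HMAC of the value keyed by a per-session seed plus a site secret. The names SingleUseCsrfModel and expect_result, the secret and the form identifiers are constructed for illustration.

```php
<?php
// Added illustration: a simplified model, not the module's or Drupal core's code.
// Assumption: a token is an HMAC of $value keyed by a per-session seed plus a site secret.
final class SingleUseCsrfModel {
  private ?string $seed = NULL;

  public function __construct(private string $siteSecret, private bool $forceSingleUse = TRUE) {}

  public function get(string $value = ''): string {
    // The seed is created lazily and stays the same until it is cleared.
    $this->seed ??= bin2hex(random_bytes(32));
    return $this->compute($value);
  }

  public function validate(string $token, string $value = ''): bool {
    if ($this->seed === NULL) {
      return FALSE; // No seed: nothing issued from this session can match.
    }
    $valid = hash_equals($this->compute($value), $token);
    if ($valid && $this->forceSingleUse) {
      $this->seed = NULL; // Mirrors clearCsrfTokenSeed() after a match.
    }
    return $valid;
  }

  private function compute(string $value): string {
    return hash_hmac('sha256', $value, $this->seed . $this->siteSecret);
  }
}

// Hypothetical helper: fails loudly if the model does not behave as described.
function expect_result(string $label, bool $expected, bool $actual): void {
  if ($expected !== $actual) {
    throw new RuntimeException("Unexpected result for: $label");
  }
  echo $label, ': ', $actual ? 'accepted' : 'rejected', PHP_EOL;
}

$csrf = new SingleUseCsrfModel('constructed-site-secret');
$tokenA = $csrf->get('form_a'); // Constructed form identifiers.
$tokenB = $csrf->get('form_b'); // Issued from the same seed as $tokenA.

expect_result('wrong token', FALSE, $csrf->validate('bogus', 'form_a'));
expect_result('first use of A', TRUE, $csrf->validate($tokenA, 'form_a'));
expect_result('replay of A', FALSE, $csrf->validate($tokenA, 'form_a'));
expect_result('B after A was used', FALSE, $csrf->validate($tokenB, 'form_b'));
expect_result('fresh token after reset', TRUE, $csrf->validate($csrf->get('form_a'), 'form_a'));
```

In this model a failed attempt leaves the seed in place, while a successful one invalidates every token issued from that seed, so a second form opened earlier in the same session needs a fresh token before it can be submitted.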