public function CsrfTokenGenerator::get in Drupal 9
Same name and namespace in other branches
- 8 core/lib/Drupal/Core/Access/CsrfTokenGenerator.php \Drupal\Core\Access\CsrfTokenGenerator::get()
Generates a token based on $value, the user session, and the private key.
The generated token is based on the session of the current user. Normally, anonymous users do not have a session, so the generated token will be different on every page request. To generate a token for users without a session, manually start a session prior to calling this function.
Parameters
string $value: (optional) An additional value to base the token on.
Return value
string A 43-character URL-safe token for validation, based on the token seed, the hash salt provided by Settings::getHashSalt(), and the 'drupal_private_key' configuration variable.
See also
\Drupal\Core\Site\Settings::getHashSalt()
\Symfony\Component\HttpFoundation\Session\SessionInterface::start()
File
- core/
lib/ Drupal/ Core/ Access/ CsrfTokenGenerator.php, line 63
Class
- CsrfTokenGenerator
- Generates and validates CSRF tokens.
Namespace
Drupal\Core\AccessCode
public function get($value = '') {
$seed = $this->sessionMetadata
->getCsrfTokenSeed();
if (empty($seed)) {
$seed = Crypt::randomBytesBase64();
$this->sessionMetadata
->setCsrfTokenSeed($seed);
}
return $this
->computeToken($seed, $value);
}