public function CsrfTokenGenerator::validate in Drupal 9
Same name and namespace in other branches
- 8 core/lib/Drupal/Core/Access/CsrfTokenGenerator.php \Drupal\Core\Access\CsrfTokenGenerator::validate()
Validates a token based on $value, the user session, and the private key.
Parameters
string $token: The token to be validated.
string $value: (optional) An additional value to base the token on.
Return value
bool TRUE for a valid token, FALSE for an invalid token.
File
- core/
lib/ Drupal/ Core/ Access/ CsrfTokenGenerator.php, line 84
Class
- CsrfTokenGenerator
- Generates and validates CSRF tokens.
Namespace
Drupal\Core\AccessCode
public function validate($token, $value = '') {
$seed = $this->sessionMetadata
->getCsrfTokenSeed();
if (empty($seed)) {
return FALSE;
}
$value = $this
->computeToken($seed, $value);
// PHP 8.0 strictly typehints for hash_equals. Maintain BC until we can
// enforce scalar typehints on this method.
if (!is_string($token)) {
return FALSE;
}
return hash_equals($value, $token);
}