I am attempting to create a per-request CSRF token (basically, I create a value on every page load, set the SESSION value to equal it, and then it gets sent in an HTTP request upon which I verify if it matches the SESSION value). For now, I crudely use the rand() function like this:
$c_token = rand();
$_SESSION['token'] = $c_token;
However, on page refresh, SESSION does not preserve the chosen value of $c_token, instead calling the rand function again and getting a new value. How can I ensure the SESSION preserves the same value as $c_token on a page reload (i.e., how do I prevent the SESSION value from re-calling the rand() function and getting assigned a different value?).
I have looked at a similar problem - EDIT: one answer suggests using a function to return the rand() value. However, given each form is created via a for loop, I get a "cannot redeclare function" error, so this way would not work, it seems.
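One way to get the behaviour the question is after, as an added example that is not part of the original post: tokens come from a CSPRNG, are kept in a per-session pool so a reload does not invalidate forms rendered earlier, and are checked once with hash_equals(). The names csrf_issue(), csrf_verify() and CSRF_MAX_TOKENS, and the plain array standing in for $_SESSION, are assumptions made for this example.

```php
<?php
// Added example, not the asker's code. csrf_issue(), csrf_verify() and
// CSRF_MAX_TOKENS are hypothetical names. Declare the functions once at
// the top of the script (or in an included file), never inside the loop.
declare(strict_types=1);

const CSRF_MAX_TOKENS = 20; // assumed cap on outstanding tokens per session

// Mint a token for one rendered form and remember it in the session.
function csrf_issue(array &$session): string
{
    $token = bin2hex(random_bytes(32));   // CSPRNG output, unlike rand()
    $session['csrf'][$token] = true;
    // Drop the oldest entries so the pool cannot grow without bound.
    if (count($session['csrf']) > CSRF_MAX_TOKENS) {
        $session['csrf'] = array_slice($session['csrf'], -CSRF_MAX_TOKENS, null, true);
    }
    return $token;
}

// Accept a submitted token once. Tokens issued on earlier page loads stay
// in the pool until they are used or pushed out by the cap.
function csrf_verify(array &$session, $submitted): bool
{
    if (!is_string($submitted) || $submitted === '') {
        return false;
    }
    foreach (array_keys($session['csrf'] ?? []) as $known) {
        if (hash_equals((string) $known, $submitted)) { // constant-time compare
            unset($session['csrf'][$known]);            // single use
            return true;
        }
    }
    return false;
}

// Constructed demo. In a web page, call session_start() and pass $_SESSION.
$session = [];
$tokens = [];
for ($i = 0; $i < 3; $i++) {              // one token per form in the loop
    $tokens[] = csrf_issue($session);
    printf("<input type=\"hidden\" name=\"token\" value=\"%s\">\n", $tokens[$i]);
}
csrf_issue($session);                        // a reload mints more, keeps the old
var_dump(csrf_verify($session, $tokens[1])); // token from the second form
var_dump(csrf_verify($session, $tokens[1])); // same token replayed
var_dump(csrf_verify($session, 'forged'));   // value that was never issued
```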