Description
I'm not sure if I understand what generateCsrfToken() is supposed to do so bear with me for a second. My understanding is that generateCsrfToken() generates a random string of characters/numbers based on an "intention" that is passed to it. Now, my understanding is that this random set of characters/numbers changes every time I call the function even with the same intention string... Is this wrong?
I just created a simple controller action that generates the CSRF with the same intention 5 times but the CSRF generated is always the same:
    /**
     * @Route("/csrf", name="_le_test_csrf")
     */
    public function csrfAction()
    {
        $csrfs = $this->container->get('form.csrf_provider')->generateCsrfToken('test').'<br>';
        $csrfs .= $this->container->get('form.csrf_provider')->generateCsrfToken('test').'<br>';
        $csrfs .= $this->container->get('form.csrf_provider')->generateCsrfToken('test').'<br>';
        $csrfs .= $this->container->get('form.csrf_provider')->generateCsrfToken('test').'<br>';
        $csrfs .= $this->container->get('form.csrf_provider')->generateCsrfToken('test').'<br>';
        return new Response($csrfs);
    }
6af5e27e57cde92e85fdd80d6ace6ad8ba241aa9
6af5e27e57cde92e85fdd80d6ace6ad8ba241aa9
6af5e27e57cde92e85fdd80d6ace6ad8ba241aa9
6af5e27e57cde92e85fdd80d6ace6ad8ba241aa9
6af5e27e57cde92e85fdd80d6ace6ad8ba241aa9
Every single form in my application is submitted via Ajax and I'm trying to change and update the CSRF field in the form on each submission to make sure the same CSRF is not used twice but I found out that I can't generate a new CSRF token with the same intention.
Any help will be appreciated.
Regards
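An added example, not part of the original post and not Symfony's own code: it contrasts a token derived deterministically from a secret, the intention and the session ID (an assumption about the provider that would explain the identical output above) with a per-submission token that is stored server-side and replaced after each successful check. The function names, the secret, the session ID and the $session array are hypothetical stand-ins.

```php
<?php
// Added illustration. $session stands in for real session storage; the
// secret and session ID below are constructed sample values.

// Deterministic scheme (assumed): identical inputs always give the same token,
// so repeated calls within one session cannot differ.
function deterministicToken(string $secret, string $intention, string $sessionId): string
{
    return sha1($secret . $intention . $sessionId);
}

// Rotating scheme: a fresh random token per intention, kept server-side.
function issueToken(array &$session, string $intention): string
{
    $token = bin2hex(random_bytes(20));
    $session['csrf'][$intention] = $token;
    return $token;
}

// Check the submitted token in constant time. On success the stored token is
// replaced and the new one is returned for the Ajax response to write back
// into the form. On failure the stored token is left untouched, so a bad
// request cannot invalidate the token held by the legitimate page.
function consumeToken(array &$session, string $intention, string $submitted): ?string
{
    $expected = $session['csrf'][$intention] ?? null;
    if (!is_string($expected) || !hash_equals($expected, $submitted)) {
        return null;
    }
    return issueToken($session, $intention);
}

// Two calls with the same inputs under the deterministic scheme.
$a = deterministicToken('constructed-secret', 'test', 'constructed-session-id');
$b = deterministicToken('constructed-secret', 'test', 'constructed-session-id');
var_dump($a === $b);

// One form lifecycle under the rotating scheme.
$session = [];
$first  = issueToken($session, 'test');            // rendered into the form
$next   = consumeToken($session, 'test', $first);  // first submission
$replay = consumeToken($session, 'test', $first);  // same token submitted again
var_dump($next !== null && $next !== $first, $replay);
```

With several tabs or concurrent Ajax requests sharing one intention, a single stored token per intention means only the most recently issued value validates.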