Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Appearance settings

generateCsrfToken #9300

Copy link
Copy link
Closed
Closed
Copy link
@t3chn0r

Description

@t3chn0r
Issue body actions

II'm not sure if I understand what generateCsrfToken() is supposed to do so bare with me for a second. My understanding is that generateCsrfToken() generates a random string of characters/numbers based on an "intention" that is passed to it. Now, my understanding is that this random set of characters/numbers changes every time I call the function even with the same intention string... Is this wrong?

I just created a simple controller action that generates the CSRF with the same intention 5 times but the CSRF generated is alway the same:

/**
     * @Route("/csrf", name="_le_test_csrf")
     */
    public function csrfAction()
    {
        $csrfs = $this->container->get('form.csrf_provider')->generateCsrfToken('test').'<br>';
        $csrfs .= $this->container->get('form.csrf_provider')->generateCsrfToken('test').'<br>';
        $csrfs .= $this->container->get('form.csrf_provider')->generateCsrfToken('test').'<br>';
        $csrfs .= $this->container->get('form.csrf_provider')->generateCsrfToken('test').'<br>';
        $csrfs .= $this->container->get('form.csrf_provider')->generateCsrfToken('test').'<br>';

        return new Response($csrfs);
    }
6af5e27e57cde92e85fdd80d6ace6ad8ba241aa9
6af5e27e57cde92e85fdd80d6ace6ad8ba241aa9
6af5e27e57cde92e85fdd80d6ace6ad8ba241aa9
6af5e27e57cde92e85fdd80d6ace6ad8ba241aa9
6af5e27e57cde92e85fdd80d6ace6ad8ba241aa9

Every single form in my application is submitted via Ajax and I'm trying to change and update the CSRF field in the form on each submission to make sure the same CSRF is not used twice but I found out that I can't generate a new CSRF token with the same intention.

Any help will be appreciated.

Regards

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions

      Morty Proxy This is a proxified and sanitized view of the page, visit original site.