Commit aa55f344 by Taylor Otwell

Tweak the CSRF token a little more.

parent d0c3d657
...@@ -37,13 +37,16 @@ class Session { ...@@ -37,13 +37,16 @@ class Session {
{ {
static::$exists = false; static::$exists = false;
static::$session = array('id' => Str::random(40), 'data' => array());
}
if ( ! static::has('csrf_token'))
{
// A CSRF token is stored in every session. The token is used by the // A CSRF token is stored in every session. The token is used by the
// Form class and the "csrf" filter to protect the application from // Form class and the "csrf" filter to protect the application from
// cross-site request forgery attacks. The token is simply a long, // cross-site request forgery attacks. The token is simply a long,
// random string which should be posted with each request. // random string which should be posted with each request.
$csrf_token = Str::random(40); static::put('csrf_token', Str::random(40));
static::$session = array('id' => Str::random(40), 'data' => compact('csrf_token'));
} }
} }
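Review bot: Both the session id and the token written by `static::put('csrf_token', Str::random(40));` depend on `Str::random(40)`, and nothing visible in this section shows whether that helper draws from a cryptographically secure source. If it is built on a predictable generator, the "csrf" filter's protection is only as strong as that generator, so I would confirm it and extend the comment above the `put` call with something like `// The token must be unpredictable: Str::random() has to be backed by a CSPRNG.` With the new `if ( ! static::has('csrf_token'))` guard, a loaded session keeps its existing token for its whole lifetime, so the comment should also say whether the token is meant to be rotated when the session id changes. The enclosing method starts above the hunk, so how the session is loaded before this point is not visible here.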
......