:sig String csrf_token(String session_name = "uce-session", String token_name = "csrf_token") :params session_name : session/cookie name to store the token under token_name : form/action token namespace inside the session return value : printable CSRF token for the active session :content Starts the named session if needed and returns a stable per-session CSRF token for `token_name`. Use it in hidden fields on forms that mutate server state, then verify the submitted value with `csrf_valid()` before applying the change. Tokens are generated from cryptographic randomness and stored in `context.session` under an internal key. Use a different `token_name` when independent forms should have independent tokens. :example String token = csrf_token("uce-doc-session"); ?>
:see >http csrf_valid csrf_rotate session_start random_bytes