22 lines
652 B
Plaintext
22 lines
652 B
Plaintext
:sig
|
|
void csrf_rotate(String session_name = "uce-session", String token_name = "csrf_token")
|
|
|
|
:params
|
|
session_name : session/cookie name used by `csrf_token()`
|
|
token_name : form/action token namespace to clear
|
|
|
|
:content
|
|
Starts the named session if needed and clears the stored CSRF token for `token_name`. The next `csrf_token()` call creates a new token. Rotate after sensitive successful mutations when replaying the same submitted form should fail.
|
|
|
|
:example
|
|
String old_token = csrf_token();
|
|
csrf_rotate();
|
|
String new_token = csrf_token();
|
|
print(old_token != new_token ? "rotated\n" : "unchanged\n");
|
|
|
|
:see
|
|
>http
|
|
csrf_token
|
|
csrf_valid
|
|
session_start
|