lithium\security\validation\RequestToken::get()
Generates (or regenerates) a cryptographically-secure token to be used for the life of the client session, and stores the token using the Session class.
Parameters
- array $options
  An array of options to be used when generating or storing the token:
  - 'regenerate' boolean: If true, will force the regeneration of the token, even if one is already available in the session. Defaults to false.
  - 'sessionKey' string: The key used for session storage and retrieval. Defaults to 'security.token'.
  - 'salt' string: If the token is being generated (or regenerated), sets a custom salt value to be used by Hash::calculate().
  - 'type' string: The hashing algorithm used by Hash::calculate() when generating the token. Defaults to 'sha512'.
Returns
string Returns a cryptographically-secure client session token.
Source
public static function get(array $options = []) {
	$defaults = [
		'regenerate' => false,
		'sessionKey' => 'security.token',
		'salt' => null,
		'type' => 'sha512'
	];
	$options += $defaults;
	$session = static::$_classes['session'];

	if ($options['regenerate'] || !($token = $session::read($options['sessionKey']))) {
		$token = Hash::calculate(uniqid(microtime(true)), $options);
		$session::write($options['sessionKey'], $token);
	}
	return $token;
}
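The read-or-generate behaviour and the 'regenerate' option described above, as a stand-alone added example that is not part of the framework's source. The function name sessionToken() and the plain array standing in for the Session class are hypothetical, and the seed comes from random_bytes() rather than the uniqid(microtime(true)) call shown in the source, which is a substitution made here.

```php
<?php
// Added example, not li3 code. $store is a constructed stand-in for the
// session storage; sessionToken() is a hypothetical name.
function sessionToken(array &$store, array $options = []): string {
    $options += [
        'regenerate' => false,
        'sessionKey' => 'security.token',
        'salt' => null,
        'type' => 'sha512',
    ];
    $key = $options['sessionKey'];

    // Reuse the stored token unless regeneration is forced or none exists.
    if (!$options['regenerate'] && !empty($store[$key])) {
        return $store[$key];
    }

    // Assumption: seed from the OS CSPRNG instead of a time-derived value,
    // then hash with the configured algorithm (plain hash() stands in for
    // Hash::calculate(), whose internals are not shown on this page).
    $seed = random_bytes(32);
    $token = hash($options['type'], (string) $options['salt'] . $seed);
    $store[$key] = $token;
    return $token;
}

// Constructed session store for the demonstration.
$session = [];
$first = sessionToken($session);
$second = sessionToken($session);
$rotated = sessionToken($session, ['regenerate' => true]);

// The token must stay stable for the life of the session.
if (!hash_equals($first, $second)) {
    throw new RuntimeException('token changed without regeneration');
}
// Forced regeneration must replace the stored value.
if (hash_equals($first, $rotated) || $session['security.token'] !== $rotated) {
    throw new RuntimeException('regenerate did not rotate the stored token');
}
// A token stored under a custom key is independent of the default one.
$other = sessionToken($session, ['sessionKey' => 'security.altToken']);
if (hash_equals($other, $rotated)) {
    throw new RuntimeException('custom sessionKey reused the default token');
}
echo "token length: ", strlen($rotated), PHP_EOL;
```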