public static method

Generates (or regenerates) a cryptographically-secure token to be used for the life of the client session, and stores the token using the Session class.


  • array $options

    An array of options to be used when generating or storing the token:

    • 'regenerate' boolean: If true, will force the regeneration of a the token, even if one is already available in the session. Defaults to false.
    • 'sessionKey' string: The key used for session storage and retrieval. Defaults to 'security.token'.
    • 'salt' string: If the token is being generated (or regenerated), sets a custom salt value to be used by Hash::calculate().
    • 'type' string: The hashing algorithm used by Hash::calculate() when generating the token. Defaults to 'sha512'.



Returns a cryptographically-secure client session token.


	public static function get(array $options = []) {
		$defaults = [
			'regenerate' => false,
			'sessionKey' => 'security.token',
			'salt' => null,
			'type' => 'sha512'
		$options += $defaults;
		$session = static::$_classes['session'];

		if ($options['regenerate'] || !($token = $session::read($options['sessionKey']))) {
			$token = Hash::calculate(uniqid(microtime(true)), $options);
			$session::write($options['sessionKey'], $token);
		return $token;