Handle CSRF tokens in vanilla systems

2.0.0 2023-05-31 07:29 UTC

This package is auto-updated.

Last update: 2024-03-30 00:38:21 UTC


This package will make it easy for you to handle CSRF tokens in forms, for systems that might not use fancy frameworks etc.

The idea itself comes from here: https://brightsec.com/blog/csrf-token/

Getting started

The package is availabe here on Github and on Packagist


To use the system, simply require it using composer:

composer require jimmiw/csrf

Using the component

Using the component is pretty easy, simply construct the class and call generateToken.

use Westsworld\CSRF\Generator;

// you can add a custom session handler, when creating the token handler in the construct method.
$tokenHandler = new Generator();
// the generated token is stored in the session
$token = $tokenHandler->generateToken();

<form method="post">
  <input type="hidden" name="<?php echo $token->getKey(); ?>" value="<?php echo $token->getValue(); ?>" />
  <input type="hidden" name="token-key" value="<?php echo $token->getKey(); ?>" />
  ... other form fields here

When the form is posted to your page, simply create a new token handler and call validateToken:

$tokenHandler = new Generator();
if (! $tokenHandler->validateToken($_POST['token-key'])) {
    exit('token is not valid!');
} else {
    // handle the form saving here