rafalmasiarek/csrf-token

Encrypted CSRF token library with fingerprint and caching (file, MySQL, Redis)

Maintainers

Details

github.com/rafalmasiarek/php-csrf

Source

Issues

Installs: 3

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 0

Forks: 0

Open Issues: 0

v1.0.0 2025-07-10 21:23 UTC

Requires

  • php: >=7.4

MIT cc3d56615fd9bf2162c46146a04ebf3f930b0ffd

  • Rafal Maiarek <rafal.woop@masiarek.pl>

This package is auto-updated.

Last update: 2025-07-25 00:04:44 UTC

README

A secure, stateless CSRF protection system using encrypted fingerprints containing:

  • CSRF token
  • Client IP
  • User-Agent
  • Timestamp (iat)

Encrypted with AES-256-GCM and compatible with caching layers.

Features

  • Stateless CSRF token with embedded fingerprint
  • AES-256-GCM encryption with IV and tag
  • iat timestamp support (TTL)
  • Optional caching (file, MySQL, Redis)
  • Read-only cache support
  • Garbage collector for file cache

Usage

See examples/ for usage examples.

Upgrade Notice (from v1.0.0)

In versions prior to 1.1.0, the default namespace was:

use CsrfToken\Security\EncryptedCsrfToken;

Starting from version 1.1.0 and above, the namespace has changed to:

use rafalmasiarek\CsrfToken\EncryptedCsrfToken;

Action required:
If you're upgrading from version 1.0.0, update all references to EncryptedCsrfToken in your codebase to use the new namespace.

This change was made to follow proper PSR-4 naming conventions and prevent naming conflicts in larger applications or when used as a dependency.

Garbage Collection (File Cache)

php bin/garbage_collector.php

License

MIT