rafalmasiarek/csrf-token

Encrypted CSRF token library with fingerprint and caching (file, MySQL, Redis)

dev-main 2025-07-10 21:23 UTC

This package is auto-updated.

Last update: 2025-07-10 21:26:56 UTC


README

A secure, stateless CSRF protection system using encrypted fingerprints containing:

  • CSRF token
  • Client IP
  • User-Agent
  • Timestamp (iat)

The fingerprint is encrypted with AES-256-GCM and is compatible with caching layers.

Features

  • Stateless CSRF token with embedded fingerprint
  • AES-256-GCM encryption with IV and tag
  • iat timestamp support (TTL)
  • Optional caching (file, MySQL, Redis)
  • Read-only cache support
  • Garbage collector for file cache
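
The token design listed above (fingerprint fields sealed with AES-256-GCM using an IV and tag, then checked against a TTL via iat), shown as an added sketch that is not this package's code or API. The function names, JSON payload layout, base64 framing, User-Agent digest and 900-second TTL are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Hypothetical helpers, not the csrf-token package's API.

function issueToken(string $key, string $ip, string $ua, ?int $now = null): string
{
    $payload = json_encode([
        'csrf' => bin2hex(random_bytes(16)),    // random CSRF value
        'ip'   => $ip,
        'ua'   => hash('sha256', $ua),          // assumption: store a digest of the User-Agent
        'iat'  => $now ?? time(),
    ], JSON_THROW_ON_ERROR);
    $iv  = random_bytes(12);                    // 96-bit IV, fresh for every token
    $tag = '';
    $ct  = openssl_encrypt($payload, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $ct);     // IV (12 bytes) | tag (16 bytes) | ciphertext
}

function verifyToken(string $token, string $key, string $ip, string $ua, int $ttl = 900, ?int $now = null): bool
{
    $raw = base64_decode($token, true);
    if ($raw === false || strlen($raw) <= 28) {
        return false;                           // malformed or truncated token
    }
    [$iv, $tag, $ct] = [substr($raw, 0, 12), substr($raw, 12, 16), substr($raw, 28)];
    // GCM is authenticated: a token altered in any byte fails to decrypt.
    $json = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($json === false) {
        return false;
    }
    $p = json_decode($json, true);
    if (!is_array($p) || !isset($p['ip'], $p['ua'], $p['iat'])) {
        return false;
    }
    $age = ($now ?? time()) - (int) $p['iat'];
    return hash_equals((string) $p['ip'], $ip)
        && hash_equals((string) $p['ua'], hash('sha256', $ua))
        && $age >= 0 && $age <= $ttl;           // reject future-dated and expired tokens
}

// Constructed sample values: documentation IPs, made-up User-Agent, fixed clock.
$key   = random_bytes(32);                      // 256-bit key; load from secret storage in practice
$token = issueToken($key, '203.0.113.7', 'ExampleAgent/1.0', 1000);
var_dump(
    verifyToken($token, $key, '203.0.113.7', 'ExampleAgent/1.0', 900, 1500),  // same client, inside TTL
    verifyToken($token, $key, '198.51.100.9', 'ExampleAgent/1.0', 900, 1500), // different client IP
    verifyToken($token, $key, '203.0.113.7', 'ExampleAgent/1.0', 900, 2000)   // older than TTL
);
```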

Usage

See examples/ for usage examples.

Garbage Collection (File Cache)

php bin/garbage_collector.php

License

MIT