rafalmasiarek/csrf-token

Encrypted CSRF token library with fingerprint and caching (file, MySQL, Redis)

Maintainers

Details

github.com/rafalmasiarek/php-csrf

Source

Issues

Installs: 0

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 0

Forks: 0

Open Issues: 0

dev-main 2025-07-10 21:23 UTC

Requires

  • php: >=7.4

MIT cc3d56615fd9bf2162c46146a04ebf3f930b0ffd

  • Rafal Maiarek <rafal.woop@masiarek.pl>

This package is auto-updated.

Last update: 2025-07-10 21:26:56 UTC

README

A secure, stateless CSRF protection system using encrypted fingerprints containing:

  • CSRF token
  • Client IP
  • User-Agent
  • Timestamp (iat)

Encrypted with AES-256-GCM and compatible with caching layers.

Features

  • Stateless CSRF token with embedded fingerprint
  • AES-256-GCM encryption with IV and tag
  • iat timestamp support (TTL)
  • Optional caching (file, MySQL, Redis)
  • Read-only cache support
  • Garbage collector for file cache

Usage

See examples/ for usage examples.

Garbage Collection (File Cache)

php bin/garbage_collector.php

License

MIT