So I am trying to add the token method as an extra security feature in the login, and what I did is the following:
login.php
$token = $_SESSION['token'] = md5(uniqid(mt_rand(), true));
if (Yii::app()->user->hasFlash('error')) {
?>
    <div class="flashMessage">
        <?php echo Yii::app()->user->getFlash('error') ?>
    </div>
<?php
}
?>
<input type="hidden" name="token" value="<?php echo $token ?>"/>
//Rest of the form
Now inside action Login I have the following:
// collect user input data
if (isset($_POST['LoginForm'])) {
    // Check if the token matches
    if ($_POST['token'] == $_SESSION['token']) {
        $model->attributes = $_POST['LoginForm'];
        // validate user input and redirect to the previous page if valid
        if ($model->validate() && $model->login())
            $this->redirect(Yii::app()->user->returnUrl);
    }
}
Now when I try to log in I get the following error:
Undefined variable: _SESSION
I don't understand why it's telling me that the session does not exist, since it has the same name.
Any help is appreciated.
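
A hardened form of the token issue and check shown in the post, added here as an example and not part of the original post or of Yii. The function names are hypothetical, PHP 7 or later is assumed for `random_bytes()`, and a plain array stands in for `$_SESSION`, which PHP only populates once the session has been started.

```php
<?php
// Added example, not the poster's code. Function names are hypothetical.
// $session stands in for $_SESSION, which exists only after the session
// has been started (session_start() or the framework's session component).

/** Create a fresh random token, remember it in the session, return it. */
function issue_login_token(array &$session): string
{
    // 32 bytes from the CSPRNG instead of md5(uniqid(mt_rand(), true)).
    $token = bin2hex(random_bytes(32));
    $session['token'] = $token;
    return $token;
}

/** Check a submitted token once; the stored token is consumed either way. */
function verify_login_token(array &$session, $submitted): bool
{
    $expected = isset($session['token']) ? $session['token'] : null;
    unset($session['token']); // single use: a replayed form post fails

    // Reject a missing stored token and any non-string or empty submission.
    if (!is_string($expected) || !is_string($submitted) || $submitted === '') {
        return false;
    }
    // Constant-time string comparison; == would also compare
    // numeric-looking strings as numbers.
    return hash_equals($expected, $submitted);
}

// Constructed demo: an array plays the role of the started session.
$session = array();
$token = issue_login_token($session);
echo '<input type="hidden" name="token" value="'
    . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '"/>', "\n";

var_dump(verify_login_token($session, $token));      // matching token
var_dump(verify_login_token($session, $token));      // same token again
$session = array();
issue_login_token($session);
var_dump(verify_login_token($session, array('x')));  // non-string input
var_dump(verify_login_token($session, null));        // nothing stored
```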