In my PHP code using ZF1, I am generating security hases and storing them in an array as following:
$securityHash = Utility::generateSecurityToken();
$session = new Zend_Session_Namespace();
$session->securityHashStore[] = $securityHash;
I am generating multiple hashes as you can see and storing them. Now, when a particular action has been performed which needs a hash, the hash corresponding to that action is validated removed from the array.
But now, I want to remove the $securityHash
from the securityHashStore
array, say 6000 seconds after it was created so that it is invalidated. However, the hashes generated less than 6000 seconds ago will not be removed.
How can I achieve this? Thanks.
EDIT 1:
securityHashStore
stores CSRF tokens for forms. These tokens are removed from the securityHashStore
once the form corresponding to that CSRF is submitted. But now I need to handle the use case of user navigating away from the webpage and/or closing the modal
containing the form. In that case, I want to remove the CSRF from the array.