My session is not being set and I'm not sure why...

    public static function generate( $key )
    {
        $extra = self::$doOriginCheck ? sha1( $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] ) : '';
        $token = base64_encode( time() . $extra . self::randomString( 32 ) );
        $_SESSION[ 'csrf_' . $key ] = $token;
        return $token;
    }

I use that to generate a key. On my log in form, after including my session file, I use:

    $token = CSRF::generate("token"); // class name is CSRF

I then use $token as a hidden value, which is submitted along with the form.
Now to check it, I use a function called check() (this is the part where the exception is thrown):

    public static function check( $key, $origin, $throwException=false, $timespan=null, $multiple=false )
    {
        if ( !isset( $_SESSION[ 'csrf_' . $key ] ) )
            if($throwException)
                throw new Exception( 'Missing session token.' );
            else
                return false;
        ....

I'm checking it as follows:

    CSRF::check($token, $_POST, true, 60*10, false);

($token is the token submitted). Why is it not saving the token in the session?
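
An added example, not part of the original post and not the poster's class: `DemoCsrf` is a hypothetical stand-in whose `check()` body past the `isset()` test is assumed, and `$_SESSION` and `$post` are constructed arrays so it runs from the CLI. It shows which session key `generate('token')` writes and which key each form of the `check()` call reads.

```php
<?php
// Added illustration; DemoCsrf is a hypothetical stand-in, not the poster's CSRF class.
$_SESSION = [];   // constructed stand-in for a started session (CLI run)

final class DemoCsrf
{
    public static function generate(string $key): string
    {
        $token = base64_encode(time() . bin2hex(random_bytes(16)));
        $_SESSION['csrf_' . $key] = $token;   // stored under the key *name*
        return $token;
    }

    // $origin is the submitted array (e.g. $_POST).
    // Everything after the isset() test is assumed, not taken from the post.
    public static function check(string $key, array $origin): bool
    {
        if (!isset($_SESSION['csrf_' . $key])) {
            throw new Exception('Missing session token.');
        }
        $expected = $_SESSION['csrf_' . $key];
        unset($_SESSION['csrf_' . $key]);     // single use
        return isset($origin[$key])
            && is_string($origin[$key])
            && hash_equals($expected, $origin[$key]);   // constant-time compare
    }
}

$token = DemoCsrf::generate('token');
$post  = ['token' => $token];                 // constructed form submission

// Call shape from the post: the key argument is the token value itself,
// so the lookup is 'csrf_<token value>', which generate() never wrote.
try {
    DemoCsrf::check($token, $post);
} catch (Exception $e) {
    echo 'check($token, $post): ', $e->getMessage(), PHP_EOL;
}

// Same key name as passed to generate(): the lookup is 'csrf_token'.
echo 'check("token", $post): ';
var_dump(DemoCsrf::check('token', $post));

// A submitted value that does not match the stored token is rejected.
DemoCsrf::generate('token');
echo 'check("token", forged): ';
var_dump(DemoCsrf::check('token', ['token' => 'forged']));
```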