Nikita Kazeichev

Reputation: 49

Symfony lifetime CSRF token

How can I get the lifetime (expiry) of a CSRF token in Symfony 3? I want to set the meta tag "refresh" on my login page in order to avoid errors with an expired CSRF token.

Upvotes: 0

Views: 5148

Answers (1)

Bhavin

Reputation: 2158

The following is a better solution than changing the CSRF token lifetime.

However, the point behind CSRF tokens is that they change frequently so that nobody can try to steal one of those tokens and then use it to make a forged request. Here's the workflow I always used in my application. The PHP framework doesn't matter; the logic remains the same. I have done this process in Laravel, CodeIgniter, Symfony, etc.

  1. Request a CSRF token.
  2. Use the token to make requests.
  3. If the request fails because the token has expired, go to step 1.

Upvotes: 4
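
The three-step workflow in the answer above, sketched as a client-side helper with a bounded retry so a server that keeps rejecting tokens cannot cause an endless loop. This is an added example, not code from the original answer or from Symfony: the `/csrf-token` and `/login` paths, the 419 status used to signal an expired token, and the in-memory server are assumptions constructed for the demo.

```javascript
// Added example, not from the original answer. The paths, the 419 status and the
// response shapes are assumptions; `send(method, path, body)` is an injected transport.
const TOKEN_EXPIRED = 419; // assumed status the server uses for a stale/unknown token

async function fetchToken(send) {
  return (await send('GET', '/csrf-token')).body.token;
}

// Submit with the token rendered into the page; on expiry fetch a new one and retry.
async function submitWithCsrf(send, path, fields, token, maxRefreshes = 1) {
  for (let refreshes = 0; ; refreshes++) {
    if (!token) token = await fetchToken(send);                      // step 1
    const res = await send('POST', path, { ...fields, _csrf_token: token }); // step 2
    // Return on success, on any unrelated error, or once the retry budget is spent.
    if (res.status !== TOKEN_EXPIRED || refreshes >= maxRefreshes) return res;
    token = null;                                                    // step 3
  }
}

// Constructed in-memory server for the demo: a token is valid for `ttl` clock ticks.
function makeFakeServer(ttl) {
  let clock = 0, counter = 0;
  const issued = new Map(), log = [];
  async function send(method, path, body) {
    log.push(`${method} ${path}`);
    if (method === 'GET' && path === '/csrf-token') {
      const token = `tok-${++counter}`;
      issued.set(token, clock + ttl);
      return { status: 200, body: { token } };
    }
    const expiry = issued.get(body && body._csrf_token);
    const valid = expiry !== undefined && clock < expiry;
    return valid ? { status: 200, body: { ok: true } } : { status: TOKEN_EXPIRED, body: {} };
  }
  return { send, log, advance: (n) => { clock += n; } };
}

// Login page left open past the token lifetime: one 419, one refresh, then success.
async function demo() {
  const server = makeFakeServer(10);
  const pageToken = await fetchToken(server.send);
  server.advance(11);
  const res = await submitWithCsrf(server.send, '/login', { _username: 'alice' }, pageToken);
  return { status: res.status, log: server.log };
}
demo().then((r) => console.log(r));
```

In a browser, `send` would wrap `fetch` with `credentials: 'same-origin'` so the refreshed token is bound to the same session as the retried request.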
