Rechercher une page de manuel
HTML::FormFu::Element::RequestToken.3pm
Langue: en
Version: 2009-07-06 (ubuntu - 24/10/10)
Section: 3 (Bibliothèques de fonctions)
Sommaire
NAME
HTML::FormFu::Element::RequestToken - Hidden text field which contains a unique tokenSYNOPSIS
my $e = $form->element( { type => 'Token' } ); my $p = $form->element( { plugin => 'Token' } );
DESCRIPTION
This field can prevent CSRF attacks. It contains a random token. After submission the token is checked with the token which is stored in the session of the current user. See ``USING TOKENS'' in Catalyst::Controller::HTML::FormFu for a convenient way how to use it.ATTRIBUTES
context
Value of the stash key for the Catalyst context object ($c). Defaults to "context".expiration_time
Time to life for a token in seconds. Defaults to 3600.session_key
Session key which is used to store the tokens. Defaults to "__token".METHODS
expire_token
This method looks in the session for expired tokens and removes them.get_token
Generates a new token and stores it in the stash.remove_token
Removes a specific token from the session. Returns 1 if the key was found. 0 otherwise.verify_token
Checks whether a given token is already in the session. If it exists it is removed and "verify_token" returns 1. 0 otherwise.SEE ALSO
Catalyst::Controller::HTML::FormFu, HTML::FormFu::Plugin::RequestToken, HTML::FormFu::Constraint::RequestTokenHTML::FormFu
AUTHOR
Moritz Onken, "onken@houseofdesign.de"LICENSE
This library is free software, you can redistribute it and/or modify it under the same terms as Perl itself.Contenus ©2006-2024 Benjamin Poulain
Design ©2006-2024 Maxime Vantorre