vendor/symfony/form/Symfony/Component/Form/Extension/Csrf/CsrfProvider/SessionCsrfProvider.php

   1 <?php
   2
   3 /*
   4  * This file is part of the Symfony package.
   5  *
   6  * (c) Fabien Potencier <fabien@symfony.com>
   7  *
   8  * For the full copyright and license information, please view the LICENSE
   9  * file that was distributed with this source code.
  10  */
  11
  12 namespace Symfony\Component\Form\Extension\Csrf\CsrfProvider;
  13
  14 use Symfony\Component\HttpFoundation\Session\Session;
  15
  16 /**
  17  * This provider uses a Symfony2 Session object to retrieve the user's
  18  * session ID.
  19  *
  20  * @see DefaultCsrfProvider
  21  *
  22  * @author Bernhard Schussek <bschussek@gmail.com>
  23  */
  24 class SessionCsrfProvider extends DefaultCsrfProvider
  25 {
  26     /**
  27      * The user session from which the session ID is returned
  28      * @var Session
  29      */
  30     protected $session;
  31
  32     /**
  33      * Initializes the provider with a Session object and a secret value.
  34      *
  35      * A recommended value for the secret is a generated value with at least
  36      * 32 characters and mixed letters, digits and special characters.
  37      *
  38      * @param Session $session The user session
  39      * @param string  $secret  A secret value included in the CSRF token
  40      */
  41     public function __construct(Session $session, $secret)
  42     {
  43         parent::__construct($secret);
  44
  45         $this->session = $session;
  46     }
  47
  48     /**
  49      * {@inheritdoc}
  50      */
  51     protected function getSessionId()
  52     {
  53         $this->session->start();
  54
  55         return $this->session->getId();
  56     }
  57 }