Provided by: libcatalyst-controller-html-formfu-perl_2.02-1_all
NAME
HTML::FormFu::Element::RequestToken - Hidden text field which contains a unique token
VERSION
version 2.02
SYNOPSIS
my $e = $form->element( { type => 'Token' } ); my $p = $form->element( { plugin => 'Token' } );
DESCRIPTION
This field can prevent CSRF attacks. It contains a random token. After submission the token is checked with the token which is stored in the session of the current user. See "request_token_enable" in Catalyst::Controller::HTML::FormFu for a convenient way how to use it.
ATTRIBUTES
context Value of the stash key for the Catalyst context object ($c). Defaults to "context". expiration_time Time to life for a token in seconds. Defaults to 3600. session_key Session key which is used to store the tokens. Defaults to "__token". limit Limit the number of tokens which are kept in the session. Defaults to 20. constraints Defaults to HTML::FormFu::Constraint::RequestToken and HTML::FormFu::Constraint::Required. message Set the error message.
METHODS
expire_token This method looks in the session for expired tokens and removes them. get_token Generates a new token and stores it in the stash. verify_token Checks whether a given token is already in the session. Returns 1 if it exists, 0 otherwise.
SEE ALSO
Catalyst::Controller::HTML::FormFu, HTML::FormFu::Plugin::RequestToken, HTML::FormFu::Constraint::RequestToken HTML::FormFu
AUTHOR
Moritz Onken, "onken@houseofdesign.de"
LICENSE
This library is free software, you can redistribute it and/or modify it under the same terms as Perl itself.