NAME

       HTML::FormFu::Element::RequestToken - Hidden text field which contains a unique token

SYNOPSIS

         my $e = $form->element( { type => 'Token' } );

         my $p = $form->element( { plugin => 'Token' } );

DESCRIPTION

       This field can prevent CSRF attacks. It contains a random token. After submission the
       token is checked with the token which is stored in the session of the current user.  See
       "request_token_enable" in Catalyst::Controller::HTML::FormFu for a convenient way how to
       use it.

ATTRIBUTES

   context
       Value of the stash key for the Catalyst context object ($c).  Defaults to "context".

   expiration_time
       Time to life for a token in seconds. Defaults to 3600.

   session_key
       Session key which is used to store the tokens. Defaults to "__token".

   limit
       Limit the number of tokens which are kept in the session. Defaults to 20.

   constraints
       Defaults to HTML::FormFu::Constraint::RequestToken and HTML::FormFu::Constraint::Required.

   message
       Set the error message.

METHODS

   expire_token
       This method looks in the session for expired tokens and removes them.

   get_token
       Generates a new token and stores it in the stash.

   verify_token
       Checks whether a given token is already in the session. Returns 1 if it exists, 0
       otherwise.

SEE ALSO

       Catalyst::Controller::HTML::FormFu, HTML::FormFu::Plugin::RequestToken,
       HTML::FormFu::Constraint::RequestToken

       HTML::FormFu

AUTHOR

       Moritz Onken, "onken@houseofdesign.de"

LICENSE

       This library is free software, you can redistribute it and/or modify it under the same
       terms as Perl itself.