Moritz Onken > Catalyst-Controller-HTML-FormFu-0.09003 > HTML::FormFu::Element::RequestToken


NAME

HTML::FormFu::Element::RequestToken - Hidden text field which contains a unique token

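SYNOPSIS

  # Add the hidden token field as a form element
  my $e = $form->element( { type => 'RequestToken' } );

  # Load HTML::FormFu::Plugin::RequestToken on the form
  my $p = $form->plugin( { type => 'RequestToken' } );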

DESCRIPTION

This field can prevent CSRF attacks. It contains a random token. After submission, the token is checked against the token stored in the current user's session. See "request_token_enable" in Catalyst::Controller::HTML::FormFu for a convenient way to use it.

ATTRIBUTES

context

Value of the stash key for the Catalyst context object ($c). Defaults to context.

expiration_time

Time to live for a token in seconds. Defaults to 3600.

session_key

Session key which is used to store the tokens. Defaults to __token.

limit

Limit the number of tokens which are kept in the session. Defaults to 20.

constraints

Defaults to HTML::FormFu::Constraint::RequestToken and HTML::FormFu::Constraint::Required.

message

Set the error message.

METHODS

expire_token

This method looks in the session for expired tokens and removes them.

get_token

Generates a new token and stores it in the stash.

verify_token

Checks whether a given token is already in the session. Returns 1 if it exists, 0 otherwise.
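The token lifecycle described by the attributes and methods above, as an added stand-alone sketch. It is not the module's own code: it borrows the documented method names and defaults, but the session layout, the use of /dev/urandom, and oldest-first eviction when the limit is reached are assumptions.

```perl
use strict;
use warnings;

# Defaults taken from the ATTRIBUTES section above.
my %cfg = ( session_key => '__token', expiration_time => 3600, limit => 20 );

# Random 128-bit token as hex; reading /dev/urandom is an assumption of this sketch.
sub new_token_value {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read( $fh, my $buf, 16 ) == 16 or die "short read from urandom";
    return unpack 'H*', $buf;
}

# Drop tokens whose expiry time has passed.
sub expire_token {
    my ( $session, $now ) = @_;
    my $list = $session->{ $cfg{session_key} } ||= [];
    @$list = grep { $_->{expires} > $now } @$list;
}

# Issue a token, remember it in the session, and enforce the limit.
sub get_token {
    my ( $session, $now ) = @_;
    expire_token( $session, $now );
    my $list  = $session->{ $cfg{session_key} };
    my $token = new_token_value();
    push @$list, { value => $token, expires => $now + $cfg{expiration_time} };
    shift @$list while @$list > $cfg{limit};    # oldest-first eviction is an assumption
    return $token;
}

# Return 1 if the submitted token is a live token of this session, 0 otherwise.
sub verify_token {
    my ( $session, $submitted, $now ) = @_;
    return 0 unless defined $submitted && length $submitted;
    expire_token( $session, $now );
    return ( grep { $_->{value} eq $submitted } @{ $session->{ $cfg{session_key} } } ) ? 1 : 0;
}

# Constructed walk-through: the form owner's session and an unrelated session.
my ( %alice, %other );
my $t0    = time;
my $token = get_token( \%alice, $t0 );
printf "same session, fresh:   %d\n", verify_token( \%alice, $token, $t0 + 60 );
printf "other session:         %d\n", verify_token( \%other, $token, $t0 + 60 );
get_token( \%alice, $t0 + 61 ) for 1 .. $cfg{limit};    # pushes $token past the limit
printf "evicted by limit:      %d\n", verify_token( \%alice, $token, $t0 + 62 );
my $late = get_token( \%alice, $t0 + 100 );
printf "after expiration_time: %d\n", verify_token( \%alice, $late, $t0 + 100 + 3600 );
```

With the defaults, a user who opens more than 20 forms or leaves one open for more than an hour before submitting will fail verification, so limit and expiration_time should be sized to how the application's forms are actually used.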

SEE ALSO

Catalyst::Controller::HTML::FormFu, HTML::FormFu::Plugin::RequestToken, HTML::FormFu::Constraint::RequestToken

HTML::FormFu

AUTHOR

Moritz Onken, onken@houseofdesign.de

LICENSE

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.