security::csrf::token (private)

 security::csrf::token [ -tokenname tokenname ]

Defined in packages/acs-tcl/tcl/security-procs.tcl

Generate a CSRF token and return it

Switches:
-tokenname
(defaults to "__csrf_token") (optional)
Returns:
CSRF token
Author:
Gustaf Neumann

Partial Call Graph (max 5 caller/called nodes):
%3 security::csrf::new security::csrf::new (public) security::csrf::token security::csrf::token security::csrf::new->security::csrf::token security::csrf::validate security::csrf::validate (public) security::csrf::validate->security::csrf::token security::csrf::session_id security::csrf::session_id (private) security::csrf::token->security::csrf::session_id

Testcases:
No testcase defined.
Source code:
        #
        # We compute the token only once per requests. If it was already
        # computed, and we can pick it up and return it. Otherwise,
        # we compute it new.
        #
        set globalTokenName ::$tokenname
        if {[info exists $globalTokenName] && [set $globalTokenName] ne ""} {
            set token [set $globalTokenName]
        } else {
            set secret [ns_config "ns/server/[ns_info server]/acs" parametersecret ""]
            if {[namespace which ::crypto::hmac] ne ""} {
                set token [::crypto::hmac string $secret [session_id]]
            } else {
                set token [ns_sha1 $secret-[session_id]]
            }
            set $globalTokenName $token
        }

        return $token
Generic XQL file:
packages/acs-tcl/tcl/security-procs.xql

PostgreSQL XQL file:
packages/acs-tcl/tcl/security-procs-postgresql.xql

Oracle XQL file:
packages/acs-tcl/tcl/security-procs-oracle.xql

[ hide source ] | [ make this the default ]
Show another procedure: