Validates the passed-in token against the token stored in the session for a specific key. Used to help prevent Cross-Site Request Forgery (CSRF) attacks.
csrfVerifyToken( token [,key] )
→ returns boolean
Use csrfVerifyToken() to verify a unique token for each form submission.
<cfscript>
    param name="FORM[ 'f' & hash( 'userId', 'SHA-384', 'UTF-8', 1000 )]" default="0";
    param name="FORM[ 'f' & hash( 'formToken', 'SHA-512', 'UTF-8', 500 )]" default="0";
    param name="FORM.emailAddress" default="";
    param name="FORM.phoneNumber" default="";
    if( !csrfVerifyToken( FORM[ 'f' & hash( 'formToken', 'SHA-512', 'UTF-8', 500 )] ) ) {
        // formToken is not a valid token
        // redirect user to login form (etc.)
    }
</cfscript>
Use csrfVerifyToken() to verify a unique token for each form submission, using the key 'profile'.
<cfscript>
    param name="FORM[ 'f' & hash( 'userId', 'SHA-384', 'UTF-8', 1000 )]" default="0";
    param name="FORM[ 'f' & hash( 'formToken', 'SHA-512', 'UTF-8', 500 )]" default="0";
    param name="FORM.emailAddress" default="";
    param name="FORM.phoneNumber" default="";
    if( !csrfVerifyToken( FORM[ 'f' & hash( 'formToken', 'SHA-512', 'UTF-8', 500 )], 'profile' ) ) {
        // formToken is not a valid token
        // redirect user to login form (etc.)
    }
</cfscript>
Use csrfVerifyToken() to verify a unique token with a unique session variable for each form submission (for multiple open browser tabs).
<cfscript>
    param name="FORM[ 'f' & hash( 'userId', 'SHA-384', 'UTF-8', 1000 )]" default="0";
    param name="FORM[ 'f' & hash( 'tokenVar', 'SHA-512', 'UTF-8', 500 )]" default="0";
    param name="FORM[ 'f' & hash( 'formToken', 'SHA-512', 'UTF-8', 500 )]" default="0";
    param name="FORM.emailAddress" default="";
    param name="FORM.phoneNumber" default="";
    if( !csrfVerifyToken( FORM[ 'f' & hash( 'formToken', 'SHA-512', 'UTF-8', 500 )], FORM[ 'f' & hash( 'tokenVar', 'SHA-512', 'UTF-8', 500 )] ) ) {
        // formToken is not a valid token
        // redirect user to login form (etc.)
    }
</cfscript>
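The snippets above show only the verifying side. The following added example (not part of the original reference page) shows the full round trip in one template, pairing csrfVerifyToken() with csrfGenerateToken(), which issues the token the form carries. The template name profile.cfm, the field name csrfToken and the variable names are assumptions, and session management must be enabled in the application.

```cfml
<!--- profile.cfm (hypothetical template name).
      Assumes this.sessionManagement = true in Application.cfc. --->
<cfscript>
    // Key that ties the token to this form. The same value must be used
    // when the token is generated and when it is verified.
    tokenKey = "profile";
    saved    = false;
    rejected = false;

    if ( cgi.request_method == "POST" ) {
        // Default to an empty string so a missing field fails verification
        // instead of throwing an undefined-variable error.
        param name="form.csrfToken" default="";
        param name="form.emailAddress" default="";

        if ( csrfVerifyToken( form.csrfToken, tokenKey ) ) {
            // Token matches the one stored in the session for this key:
            // process the submission here (application-specific step).
            saved = true;
        } else {
            // Missing, stale or foreign token: do not process the request.
            rejected = true;
        }
    }

    // Issue a fresh token for the next submission. forceNew = true replaces
    // the token stored for this key, so the previous one no longer verifies.
    nextToken = csrfGenerateToken( tokenKey, true );
</cfscript>
<cfif rejected>
    <cfheader statuscode="403">
</cfif>
<cfoutput>
    <cfif saved><p>Profile updated.</p></cfif>
    <cfif rejected><p>The form expired or was not submitted from this site. Please try again.</p></cfif>
    <form method="post" action="profile.cfm">
        <input type="hidden" name="csrfToken" value="#encodeForHTMLAttribute( nextToken )#">
        <input type="email" name="emailAddress" value="">
        <button type="submit">Save</button>
    </form>
</cfoutput>
```

Because the token is regenerated on every render with forceNew, a form left open in a second tab under the same key will fail verification, which is the case the per-form key in the third example above addresses.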