HTML::FormFu::Element::RequestToken
my $e = $form->element( { type => 'Token' } );
my $p = $form->element( { plugin => 'Token' } );
This field can prevent CSRF attacks. It contains a random token. After
submission the token is checked with the token which is stored in the session
of the current user. See "request_token_enable" in
Catalyst::Controller::HTML::FormFu for a convenient way how to use it.
HTML::FormFu::Element::RequestToken - Hidden text field which contains a unique
token
Value of the stash key for the Catalyst context object
($c). Defaults to
"context".
Time to life for a token in seconds. Defaults to 3600.
Session key which is used to store the tokens. Defaults to
"__token".
Limit the number of tokens which are kept in the session. Defaults to 20.
Defaults to HTML::FormFu::Constraint::RequestToken and
HTML::FormFu::Constraint::Required.
This method looks in the session for expired tokens and removes them.
Generates a new token and stores it in the stash.
Checks whether a given token is already in the session. Returns
1 if it exists, 0 otherwise.
Catalyst::Controller::HTML::FormFu, HTML::FormFu::Plugin::RequestToken,
HTML::FormFu::Constraint::RequestToken
HTML::FormFu
Moritz Onken, "onken@houseofdesign.de"
This library is free software, you can redistribute it and/or modify it under
the same terms as Perl itself.
- Carl Franks <cpan@fireartist.com>
- Nigel Metheringham <nigelm@cpan.org>
- Dean Hamstead <dean@bytefoundry.com.au>
This software is copyright (c) 2007-2018 by Carl Franks / Nigel Metheringham /
Dean Hamstead.
This is free software; you can redistribute it and/or modify it
under the same terms as the Perl 5 programming language system itself.