I’m trying to create an anti-CSRF token that can be read on the front and back end of my PHP-based app.
I’ve created the token in a PHP Session variable with the following code at the top of the index.php file:
<?php
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
?>
I can access this on the front end and pass it to the back-end via a hidden input…
<input id="i_user_setting_csrf" name="csrf_token" type="hidden" class="form-control fs_75 c_right6" value="<?php echo $_SESSION['csrf_token']; ?>">
I now want to compare this value passed into the server action with the session variable itself, so the server action knows the call has come from the user interface.
So then in my PHP file I have declared a SESSION variable called csrf_token
… however it has a value of null.
How can I access the value of the csrf_token session variable in my Server Action?
Best wishes,
Antony.
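The token check described in the post, written out as an added example that is not part of the original post. It assumes the form page and the handler are PHP scripts sharing one session cookie; the function names `start_session`, `csrf_token` and `csrf_is_valid` are illustrative.

```php
<?php
// Added example. $_SESSION is only loaded and persisted after session_start(),
// so both the page that renders the form and the handler must call it first.
function start_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start([
            'cookie_httponly' => true,
            'cookie_samesite' => 'Lax',
            'cookie_secure'   => !empty($_SERVER['HTTPS']),
        ]);
    }
}

// Return the per-session token, creating it on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison of the submitted value with the session copy.
function csrf_is_valid($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? null;
    return is_string($expected) && is_string($submitted)
        && hash_equals($expected, $submitted);
}

start_session();

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (!csrf_is_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    // Token matched: perform the state-changing action here.
    exit('OK');
}
?>
<form method="post">
  <input name="csrf_token" type="hidden"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
  <button type="submit">Save</button>
</form>
```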