Browse Source

Use better random CSRF token.

tags/2.0.0-beta
Qiang Xue 11 years ago
parent
commit
2686403c0e
  1. 2
      framework/yii/web/Request.php

2
framework/yii/web/Request.php

@ -1040,7 +1040,7 @@ class Request extends \yii\base\Request
{ {
$options = $this->csrfCookie; $options = $this->csrfCookie;
$options['name'] = $this->csrfVar; $options['name'] = $this->csrfVar;
$options['value'] = sha1(uniqid(mt_rand(), true)); $options['value'] = Security::generateRandomKey();
return new Cookie($options); return new Cookie($options);
} }

Loading…
Cancel
Save