Use better random CSRF token.

11 years ago · 2686403c0e
1 changed files with 1 additions and 1 deletions
--- a/framework/yii/web/Request.php
+++ b/framework/yii/web/Request.php
@ -1040,7 +1040,7 @@ class Request extends \yii\base\Request
 	{
 		$options = $this->csrfCookie;
 		$options['name'] = $this->csrfVar;
-		$options['value'] = sha1(uniqid(mt_rand(), true));
+		$options['value'] = Security::generateRandomKey();
 		return new Cookie($options);
 	}