From 2686403c0e3d4c431eb24006a678eafe874a85c5 Mon Sep 17 00:00:00 2001
From: Qiang Xue
Date: Thu, 26 Dec 2013 16:19:09 -0500
Subject: [PATCH] Use better random CSRF token.

---
 framework/yii/web/Request.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/framework/yii/web/Request.php b/framework/yii/web/Request.php
index 9736043..8849ed3 100644
--- a/framework/yii/web/Request.php
+++ b/framework/yii/web/Request.php
@@ -1040,7 +1040,7 @@ class Request extends \yii\base\Request
 {
 $options = $this->csrfCookie;
 $options['name'] = $this->csrfVar;
- $options['value'] = sha1(uniqid(mt_rand(), true));
+ $options['value'] = Security::generateRandomKey();
 return new Cookie($options);
 }
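Review bot: The token's unpredictability now rests entirely on `Security::generateRandomKey()`, and the new assignment to `$options['value']` does not record that requirement; what the helper does when no strong random source is available is also not visible here. If the helper can fall back to a non-cryptographic generator, the CSRF token would be guessable again on such hosts, so that path is worth confirming (and making it fail loudly rather than degrade). I would add a comment above the line such as `// CSRF token must come from a CSPRNG; do not replace with mt_rand()/uniqid()-based values`. `Security` is referenced unqualified, and both the file's `use` statements and the start of the enclosing method are outside the hunk, so the import should be checked as well.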