I've been polishing up my security with forms today and I've come across a chapter which shows me how to avoid CSRF attacks. I've learned to use the following code to avoid these attacks but I'm getting unexpected results. Please can somebody point out why on each form submission the results of the 2 variables never match:
You're setting a new $_SESSION['token'] with each request, regardless of whether the form is displayed and/or the form values are processed.
This might be the result of a misconception on how PHP works. Try
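
The behaviour the answer describes, as an added example that is not part of the original thread and is not the answerer's code: it contrasts a handler that overwrites the session token on every request with one that checks the submitted token first and only creates a token when none exists. The names `handle_buggy` and `handle_fixed` and the `$session` array (standing in for `$_SESSION` so the script runs from the command line) are assumptions made for the illustration.

```php
<?php
// Added example: $session stands in for $_SESSION so this runs under the PHP CLI.

// Pattern described in the answer: a fresh token is stored on every request,
// before the submitted value is compared, so the two values never match.
function handle_buggy(array &$session, string $method, array $post): array
{
    $session['token'] = bin2hex(random_bytes(32)); // overwrites the token the form carried
    $ok = $method === 'POST'
        && isset($post['token'])
        && is_string($post['token'])
        && hash_equals($session['token'], $post['token']);
    return ['valid' => $ok, 'form_token' => $session['token']];
}

// Corrected order: compare the submitted token with the stored one first,
// and create a token only when the session does not have one yet.
function handle_fixed(array &$session, string $method, array $post): array
{
    $ok = false;
    if ($method === 'POST') {
        $ok = isset($session['token'], $post['token'])
            && is_string($post['token'])
            && hash_equals($session['token'], $post['token']); // constant-time compare
    }
    if (!isset($session['token'])) {
        $session['token'] = bin2hex(random_bytes(32));
    }
    return ['valid' => $ok, 'form_token' => $session['token']];
}

// Constructed request sequence: a GET renders the form, a POST submits the
// token that form carried, then a POST arrives with a token the site never issued.
foreach (['handle_buggy', 'handle_fixed'] as $handler) {
    $session = [];
    $shown   = $handler($session, 'GET', []);
    $genuine = $handler($session, 'POST', ['token' => $shown['form_token']]);
    $foreign = $handler($session, 'POST', ['token' => str_repeat('0', 64)]);
    printf(
        "%-13s own form: %s, unknown token: %s\n",
        $handler,
        $genuine['valid'] ? 'accepted' : 'rejected',
        $foreign['valid'] ? 'accepted' : 'rejected'
    );
}
```

In a real page the same ordering applies with `session_start()` and `$_SESSION`; the token emitted into the hidden form field is the value returned as `form_token`.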