Is the token generated by Security::getToken unique?

Hi, I need to generate random unique tokens. Does Security::getToken generate unique tokens? If not, what's the best way to generate such unique random tokens?

Thank you



edited Dec '14

The token is rather unique. You can see the source code. But the token doesn't need absolute uniqueness, because the token's lifetime is limited to two requests: generation in the form, and the check when the form is submitted to the application (server).

P.S. If the application uses AJAX POST form submission, then it is possible to use other methods of protection without a token. See http://www.w3.org/TR/cors/




I'll add to @Oleg's answer that you can also use tokens in your AJAX requests (it just means adding another POST variable, but I haven't tried it) (accepted answer): http://forum.phalconphp.com/discussion/3965/problem-with-csrf
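
The two-request lifetime described in the first answer (issue with the form, check on submit), sketched in plain PHP as an added example; it is not Phalcon's implementation and not code from this thread. The function names and the `$session` array standing in for `$_SESSION` are assumptions made so the script runs from the command line.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; requires PHP 7+ for random_bytes().

// Request 1: create a token while rendering the form and remember it server-side.
function issueToken(array &$session): string
{
    // 32 bytes from the OS CSPRNG, hex-encoded to 64 characters.
    // Unpredictability is what matters here; at this length an accidental
    // collision between two tokens is not a practical concern either.
    $token = bin2hex(random_bytes(32));
    $session['csrf_token'] = $token;
    return $token;
}

// Request 2: compare the submitted value with the stored one, exactly once.
function checkToken(array &$session, ?string $submitted): bool
{
    $expected = $session['csrf_token'] ?? null;
    // Single use: the stored token is discarded whether or not the check passes,
    // so a captured value cannot be replayed on a later request.
    unset($session['csrf_token']);
    if (!is_string($expected) || !is_string($submitted)) {
        return false;
    }
    // hash_equals() compares in constant time, avoiding a timing side channel.
    return hash_equals($expected, $submitted);
}

// Constructed walk-through of the lifetime.
$session = [];
$token = issueToken($session);                        // form is rendered
var_dump(checkToken($session, $token));               // form is submitted
var_dump(checkToken($session, $token));               // same token replayed
issueToken($session);                                 // a fresh form
var_dump(checkToken($session, str_repeat('0', 64)));  // wrong value submitted
var_dump(checkToken($session, null));                 // no token stored or sent
```

If a token also has to serve as a unique identifier (for example a value stored in a database column), a unique constraint on that column is what enforces uniqueness; the random generator only makes a clash improbable.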