Solved thread

This post is marked as solved. If you think the information contained on this thread must be part of the official documentation, please contribute submitting a pull request to its repository.

how to use security token

I tried phalcon framework(2.0.8) Phalcon/Security,
I am in trouble without token fitting it.

I tried it in the next procedure. (This source uploaded https://github.com/nakanek/phalcon_security_test

  1. create project by phalcon DevTools(2.0.8)
phalcon project phalcon
  1. edit app/config/service.php
$di->setShared('logger', function() use ($config) {
    $formatter = new \Phalcon\Logger\Formatter\Line('%date% %type%  %message%');
    $logger = new \Phalcon\Logger\Adapter\File('../phalcon.log');
    $logger->setLogLevel(\Phalcon\Logger::DEBUG);
    $logger->setFormatter($formatter);
    return $logger;
});

/**
 * Start the session the first time some component request the session service
 */
$di->setShared('session', function () {
    $session = new Phalcon\Session\Adapter\Libmemcached(array(
        'servers' => array(
            array('host' => 'localhost', 'port' => 11211, 'weight' => 1),
        ),
        'client' => array(
            Memcached::OPT_HASH => Memcached::HASH_MD5,
            Memcached::OPT_PREFIX_KEY => 'prefix.',
        ),
       'lifetime' => 3600,
       'prefix' => 'my_'
    ));
    $session->start();

    return $session;
});

$di->set('security', function() {
    $security = new \Phalcon\Security();
    $security->setWorkFactor(12);
    return $security;
}, true);
  1. append app/views/index/index.volt
<div>
<a href="/index/tokencheck?token={{ security.getToken() }}">token check</a>
</div>
  1. edit app/controllers/IndexController.php
    public function indexAction()
    {
        $this->logger->debug('call indexAction');
    }

    public function tokencheckAction()
    {
        $this->view->sessionToken = $this->security->getSessionToken();
        $this->view->token = $this->request->getQuery('token', null, null);
    }
  1. append app/views/index/tokencheck.volt
<div>sessionToken:{{ sessionToken }}</div>
<div>token:{{ token }}</div>

access / and click token check.
I hope that it becomes token equals sessionToken.
but result is

sessionToken:SfVRGoK1MY3GAVD
token:aYFN1Qa5SG8xvr1o

In addition, I was begun to write in log as follows.

Sun, 27 Dec 15 00:48:49 +0900 DEBUG  call indexAction
Sun, 27 Dec 15 00:48:50 +0900 DEBUG  call indexAction

indexAction called twice for some reason. . .?



48.3k
Accepted
answer

favicon access and CSS and images tend to make the index be called twice when the route is setup too loosely.



347
edited Dec '15

favicon access and CSS and images tend to make the index be called twice when the route is setup too loosely.

I added public/favicon.ico and tried again.

Then token became same as sessionToken.

sessionToken:6HSc2hlsXiBozAxN
token:6HSc2hlsXiBozAxN

Thanks you.