Token - graphidev/WOK GitHub Wiki

The Token class allow you to generate and check tokens in order to secure your web application.

As you can use multiple tokens in a same action, a token ID is required for each token you will generate and check. The token lifetime will always be defined at the verification step.

Generate

The following method will generate a unique token key, keep it in a session and return it key.

$token = Token::generate('my_token_id'); // e.g: ad31b2bc7bef5d961d3be53622794c92d3eb18f052945726167a5

Check

The token verification need a parameter which is the token ID.

$is_authorized = Token::generate('my_token_id');

The token lifetime is defined by the tokens lifetime constant (in /var/settings.php). But you can set a particular lifetime in this method as following :

$is_authorized = Token::generate('my_token_id', 120); // This token will expire after 2 minutes

Destroy

Don't forget to destroy generated tokens in order to disallow multiple requests.

Token::destroy('my_token_id'); // This token will no more be available