NAME

HTML::FormHandler::Field::RequestToken

VERSION

version 0.40068

SYNOPSIS

    with 'HTML::FormHandler::Field::Role::RequestToken';
    ...
    has_field '_token' => (
        type => 'RequestToken',
    );

DESCRIPTION

This field is for preventing CSRF attacks. It contains an encrypted token containing an expiration time for the form. No data needs to be persisted in the user's session or on the server.

NAME

HTML::FormHandler::Field::RequestToken - Hidden text field which contains a unique time-stamped token

ATTRIBUTES

expiration_time

Length of time (in seconds) that token will be accepted as valid from the time it is initially generated. Defaults to 3600.

token_prefix

An optional string to prepend to the token value before encrypting it. If specified, any received tokens must begin with this value to be accepted as valid. Defaults to an empty string.

Passed on form process. $c->sessionid . '|'

crypto_key

Key to use to encrypt/decrypt the token payload.

crypto_cipher_type

The Crypt::CBC cipher to use to encrypt/decrypt the token payload. Defaults to Blowfish.

message

Error message if token is missing/invalid.

cipher

A Crypt::CBC object to handle encrypting/decrypting the token payload. If not specified, "crypto_key" and "crypto_cipher_type" will be used to construct one.

verify_token

Validates whether the specified token is currently valid for this form.

get_token

Generates a new token and returns it.

AUTHOR

FormHandler Contributors - see HTML::FormHandler

COPYRIGHT AND LICENSE

This software is copyright (c) 2017 by Gerda Shank.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.