
spencer14420/sp-anti-csrf
=========================

Can be used to generate and validate anti-CSRF tokens

Version 1.0.0-beta1 (1y ago), MIT license, PHP. Since Nov 15, pushed 1y ago.

[Source](https://github.com/Spencer14420/SPAntiCSRF) | [Packagist](https://packagist.org/packages/spencer14420/sp-anti-csrf)

SPAntiCSRF
==========

SPAntiCSRF is a lightweight PHP package that secures web applications against CSRF attacks using token-based validation.

Features
--------

- **Session-based CSRF token management**: Tokens are stored securely in PHP sessions.
- **Token expiration**: Tokens expire after a configurable duration for enhanced security.
- **Validation and replay protection**: Ensures tokens are valid and prevents token reuse.
- **Session regeneration**: Provides a method to regenerate session IDs, helping to mitigate session fixation attacks when used appropriately.
- **One-time token usage**: Tokens are invalidated after successful validation to prevent reuse.
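
The token lifecycle this list describes (session storage, expiry, one-time use) can be seen in a short PHP sketch. It is an added example, not SPAntiCSRF's own code; the function names, session key and 900-second lifetime are assumptions.

```php
<?php
declare(strict_types=1);
// Added illustration, not SPAntiCSRF's source: names, session key and TTL are assumptions.
const CSRF_KEY = 'demo_csrf'; // hypothetical session key
const CSRF_TTL = 900;         // hypothetical token lifetime in seconds

function demo_issue_token(array &$session, int $now): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $session[CSRF_KEY] = ['value' => $token, 'expires' => $now + CSRF_TTL];
    return $token;
}

function demo_validate_token(array &$session, $submitted, int $now): bool
{
    $stored = $session[CSRF_KEY] ?? null;
    if (!is_array($stored) || !is_string($submitted) || $submitted === '') {
        return false; // nothing issued, or a missing / non-string field
    }
    if ($now > $stored['expires']) {
        unset($session[CSRF_KEY]); // expired tokens are discarded
        return false;
    }
    if (!hash_equals($stored['value'], $submitted)) { // constant-time compare
        return false;
    }
    unset($session[CSRF_KEY]); // one-time use: a replay finds no stored token
    return true;
}

// Constructed demo: a plain array stands in for $_SESSION so this runs on the CLI.
$session = [];
$t0 = 1700000000; // constructed timestamp
$token = demo_issue_token($session, $t0);
$checks = [
    'forged value' => demo_validate_token($session, 'forged', $t0 + 10),
    'first use'    => demo_validate_token($session, $token, $t0 + 10),
    'replay'       => demo_validate_token($session, $token, $t0 + 11),
];
$late = demo_issue_token($session, $t0);
$checks['after expiry'] = demo_validate_token($session, $late, $t0 + CSRF_TTL + 1);
foreach ($checks as $case => $ok) {
    echo str_pad($case, 14), $ok ? 'accepted' : 'rejected', PHP_EOL;
}
```

In a real request handler, pass `$_SESSION` (after `session_start()`) and `time()` in place of the array and the constructed timestamp.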

Installation
------------

You can install SPAntiCSRF using Composer:

```
composer require spencer14420/sp-anti-csrf
```

Usage
-----

### Generate a CSRF Token

Generate a token when rendering forms or making requests that require CSRF protection:

```
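// Composer autoloader (path assumes this script sits in the project root)
require __DIR__ . '/vendor/autoload.php';

use spencer14420\SpAntiCsrf\AntiCsrf;

// Create the CSRF helper and issue a token for the form being rendered
$csrf = new AntiCsrf();
$token = $csrf->generateToken();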
```

Use the token in your HTML form:

```
