Home/ Questions/Q 7418711
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-29T07:56:07+00:00

I am using ZF’s Zend_Form_Element_Hash to protect my form against CSRF . The problem

  • 0

I am using ZF’s Zend_Form_Element_Hash to protect my form against CSRF.
The problem however is that the token generated expires too soon. I’m guessing the problem is with the session lifetime, because that is where it is stored.

I use this code to generate it:

$token = new Zend_Form_Element_Hash('tk');
$token->setSalt(md5(uniqid(mt_rand(), TRUE)));

Is there any way I can make the token valid for a longer period of time?

Am I doing it right or there is a better way? I am new to Zend Framework.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    There is also a timeout property within Zend_Form_Element_Hash that serves as a TTL for the CSRF token. By default it is 300 seconds (5 minutes).

    You can increase this timeout by passing a value for timeout as an option.

    $token = new Zend_Form_Element_Hash('tk', array('timeout' => 900)); // 15 minute TTL

    Zend_Form_Element_Hash API Doc

    • 0