I am wondering if this is a secure way to set a token, unless

Question

0

Asked: June 15, 20262026-06-15T19:16:54+00:00 2026-06-15T19:16:54+00:00

I am wondering if this is a secure way to set a token, unless

0

I am wondering if this is a secure way to set a token, unless there actually is a token generated, I generate one, and use it throughout the applications and those forms. One token per session?

if (!isset($_SESSION['token'])) {
    $data['token'] = uniqid(rand(), true);
    session_regenerate_id();
    $_SESSION['token'] = $data['token'];
}

Would it be necessary to clear out the token on a submitted form? or just stay with it, even though I submitted a form?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-15T19:16:55+00:00

Editorial Team

2026-06-15T19:16:55+00:00Added an answer on June 15, 2026 at 7:16 pm

If you don’t know these links, this should help you understand some scenarios and specifically this will tell you the DOs and DONT’s. Hope it helps.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I am wondering if this is a secure way to set a token, unless

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply