Home/ Questions/Q 7542969
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-30T08:18:24+00:00

I have a question about tokens. I understand that they are random characters used

  • 0

I have a question about tokens. I understand that they are random characters used for security purposes but just how do they work and what do they protect against?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Authentification mechanism creates a token when form displayed, and was stored it on server side.
    Also auth mechanism adds token as hidden input to form. When you send it, auth system check is it in server-side storage.
    If token found, authentification process will continue and token was removing.

    It protects from spamming form action script.

    Example using with logout url:

    <?php 
// Generate token
$logout_token = md5(microtime().random(100, 999));
session_start();
// Store token in session
if (!is_array($_SESSION['logout_tokens']) {
    $_SESSION['logout_tokens'] = array();
}
$_SESSION['logout_tokens'][] = $logout_token;
?>
<a href="/logout/?logout_token=<?= $logout_token ?>">logout</a>

    Script, that processing logout:

    <?php
$done = false;
if (!empty($_GET['logout_token'])) {
    // Get token from url
    $logout_token = $_GET['logout_token'];
    session_start();
    if (!is_array($_SESSION['logout_tokens']) {
        $_SESSION['logout_tokens'] = array();
    }
    // Search get token in session (server-side storage)
    if (($key = array_search($logout_token, $_SESSION['logout_tokens'], true)) !== false) {
        // Remove used token from storage
        unset($_SESSION['logout_tokens'][$key]);
        // Do logout
        $done = true;
    }
}
if ($done === false) {
   echo "Something went wrong.";
}
    • 0