Home/ Questions/Q 724527
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-14T06:13:59+00:00

I have included Zend_Form_Element_Hash into a form multiplecheckbox form. I have jQuery set to

  • 0

I have included Zend_Form_Element_Hash into a form multiplecheckbox form. I have jQuery set to fire off an AJAX request when a checkbox is clicked, I pass the token with this AJAX request. The first AJAX request works great, but the subsequent ones fail.

I suspect it may be once the token has been validated it is then removed from the session (hop = 1).

What would be your plan of attack for securing a form with Zend Framework Hash yet using AJAX to complete some of these requests?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I finally abandoned using Zend_Form_Element_Hash and just created a token manually, registered it with Zend_Session and then checked it upon submission.

    form.php

    $myNamespace = new Zend_Session_Namespace('authtoken');
$myNamespace->setExpirationSeconds(900);
$myNamespace->authtoken = $hash = md5(uniqid(rand(),1));
$auth = new Zend_Form_Element_Hidden('authtoken');
$auth->setValue($hash)
     ->setRequired('true')
     ->removeDecorator('HtmlTag')
     ->removeDecorator('Label');

    controller.php

    $mysession = new Zend_Session_Namespace('authtoken');
$hash = $mysession->authtoken;
if($hash == $data['authtoken']){
    print "success";
} else {
    print "you fail";
}

    This seems to work and still keeps things relatively sane and secure. I’d still rather use the Hash element, but I can’t seem to make it work with AJAX.

    Thanks all.

    • 0