I have recently read about csrf tokens. I am using YII framework to develop

Question

0

Asked: June 15, 20262026-06-15T03:06:59+00:00 2026-06-15T03:06:59+00:00

I have recently read about csrf tokens. I am using YII framework to develop

0

I have recently read about csrf tokens. I am using YII framework to develop my project. I enabled csrf validation in config/main.php and yii is putting a token in a hidden form field. And checking if the token is valid. Everything is fine. But I have observed that the value of CSRF token is not changing when I refresh and all the forms in a page are using same token.

This puzzled me. If csrf token is not changing then any hacker can use that token in his request also and will be able to produce a valid request. Then how can csrf token offer security? Is it a problem with YII framework? Or did I miss some thing? I hope I did miss something. If we have to generate tokens manually please let me know how to generate and validate(preferably in YII framework)

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-15T03:07:02+00:00

Editorial Team

2026-06-15T03:07:02+00:00Added an answer on June 15, 2026 at 3:07 am

implement Csrf token generation per session.
check

how the hacker will get token generated to your session?

there is also a procedure for per request token generation, but i think that is not good approach in yii.
problem with per request token generation

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have recently read about csrf tokens. I am using YII framework to develop

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply