In a code i have seen this creation of token for a login page:
$token = $_SESSION['token'] = md5(uniqid(mt_rand(),true));
Then this token is echoed as a hidden input in the login form and on submitted, php code to validate login also checks this token like:
public function isTokenValid()
{
return (!isset($_SESSION['token']) || $this->_token != $_SESSION['token'])? 0 : 1;
}
What is the use of this token ?
Edit: This page is describes the use of it: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet
Approach like this is commonly used to prevent CSRF vulnerabilities