allow to set token if not yet done

This commit is contained in:
Roland Gruber 2017-10-07 09:58:05 +02:00
parent 6781fb1964
commit 1a1d28a8af
1 changed files with 6 additions and 1 deletions

View File

@ -514,8 +514,13 @@ function getClientIPForLogging() {
/** /**
* Adds a security token to the session to prevent CSRF attacks. * Adds a security token to the session to prevent CSRF attacks.
*
* @param boolean $overwrite overwrite existing token
*/ */
function addSecurityTokenToSession() { function addSecurityTokenToSession($overwrite = true) {
if (!empty($_SESSION[getSecurityTokenName()]) && !$overwrite) {
return;
}
$_SESSION[getSecurityTokenName()] = getRandomNumber(); $_SESSION[getSecurityTokenName()] = getRandomNumber();
} }