Commit 2686403c by Qiang Xue

Use better random CSRF token.

parent fc19ebdf
...@@ -1040,7 +1040,7 @@ class Request extends \yii\base\Request ...@@ -1040,7 +1040,7 @@ class Request extends \yii\base\Request
{ {
$options = $this->csrfCookie; $options = $this->csrfCookie;
$options['name'] = $this->csrfVar; $options['name'] = $this->csrfVar;
$options['value'] = sha1(uniqid(mt_rand(), true)); $options['value'] = Security::generateRandomKey();
return new Cookie($options); return new Cookie($options);
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment