Merge pull request #187 from akrabat/increase-uniqid-entropy

akrabat · web-flow · commit 18593300a248 · 2024-06-09T14:24:49.000+01:00
Increase uniqid entropy
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,8 @@ See https://github.com/slimphp/Slim-Csrf/releases for a full list
   underscore. This should not affect anyone who uses the relvant methods, but
   if you have hard-coded, then they will need to be updated.
 
+- Changed: Increased likelihood that tokens are unique. 
+
 ## 1.5.0
 
 - Added: Support for PHP 8.2 and 8.3
diff --git a/src/Guard.php b/src/Guard.php
@@ -215,7 +215,7 @@ protected function createToken(): string
     public function generateToken(): array
     {
         // Generate new CSRF token
-        $name = uniqid($this->prefix);
+        $name = uniqid($this->prefix, true);
         $value = $this->createToken();
         $this->saveTokenToStorage($name, $value);
 

Original file line number	Diff line number	Diff line change
`@@ -215,7 +215,7 @@ protected function createToken(): string`
`215`	`215`	`public function generateToken(): array`
`216`	`216`	`{`
`217`	`217`	`// Generate new CSRF token`
`218`		`- $name = uniqid($this->prefix);`
	`218`	`+ $name = uniqid($this->prefix, true);`
`219`	`219`	`$value = $this->createToken();`
`220`	`220`	`$this->saveTokenToStorage($name, $value);`
`221`	`221`