1 file changed +4 -3 lines changed
@@ -287,9 +287,10 @@ if ($unsafe && $user->auth->isValid()) {
287287
288288For a CSRF token to be useful, its random value must be cryptographically
289289secure. Using things like ` mt_rand() ` is insufficient. Aura.Session comes with
290- a ` Randval ` class that implements a ` RandvalInterface ` , and uses either the
291- ` openssl ` or the ` mcrypt ` extension to generate a random value. If you do not
292- have one of these extensions installed, you will need your own random-value
290+ a ` Randval ` class that implements a ` RandvalInterface ` . It uses the
291+ [ ` random_bytes() ` ] ( http://php.net/random_bytes ) function preferentially, then
292+ ` openssl ` , or finally ` mcrypt ` to generate a random value. If you do not
293+ have one of these installed, you will need your own random-value
293294implementation of the ` RandvalInterface ` . We suggest a wrapper around
294295[ RandomLib] ( https://github.com/ircmaxell/RandomLib ) .
295296
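Review bot: On new lines 292-293, "If you do not have one of these installed" now also covers `random_bytes()`, which is a built-in PHP function (available from PHP 7.0) rather than an extension a user installs, so the condition for needing a custom `RandvalInterface` implementation reads ambiguously. Suggest spelling the condition out, for example: "If `random_bytes()` is not available and neither the `openssl` nor the `mcrypt` extension is installed, you will need your own random-value implementation". The link added on line 291 also points at `http://php.net/random_bytes`; an `https://` URL would be better in the docs.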