Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

General Questions

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Generate a security token and pass it to an external site?


Reply

4 Posts   874 Views

Avatar
Ryan M.

18 May 2011 at 5:04pm Community Member, 309 Posts

I need to generate a security token and pass it to an external site in the process of submitting a form, and when they finish processing it and post the data back, I'd like to check the data posted back for the same security token and either allow the script to proceed or kill it upon a mismatch.

Possible? Suggestions?

Avatar
johnmblack

27 July 2011 at 2:46am Community Member, 61 Posts

I too cannot seem to find a simple answer to this anywhere, though maybe I'm using the wrong keywords in my search. I think I saw somewhere that tokens or replay attack prevention was a feature but now I don't see it.

Avatar
martimiz

27 July 2011 at 3:30am Forum Moderator, 1093 Posts

By default a SilverStripe form includes a security token using the SecurityToken class to generate and check it upon submission. As far as I know the token is saved as a session variable. Might this be the feature you're referring to?

If you were to create a form(type) to use in submitting to an external site, you could still use the SecurityToken class to generate a token and use it to validate the return value - as long as it's an instant response within the current session, I suppose...

Avatar
johnmblack

27 July 2011 at 3:35am Community Member, 61 Posts

Oh! No, what you described is exactly what I was trying to find out. It isn't mentioned anywhere in the basic documentation or tutorials though, which is why I spent all day trying to find how to "create" such a feature.