
Generate a security token and pass it to an external site?



Ryan M.

Community Member, 309 Posts

18 May 2011 at 5:04pm

I need to generate a security token and pass it to an external site in the process of submitting a form, and when they finish processing it and post the data back, I'd like to check the data posted back for the same security token and either allow the script to proceed or kill it upon a mismatch.

Possible? Suggestions?

johnmblack

Community Member, 62 Posts

27 July 2011 at 2:46am

I too cannot seem to find a simple answer to this anywhere, though maybe I'm using the wrong keywords in my search. I think I saw somewhere that tokens or replay attack prevention was a feature but now I don't see it.

martimiz

Forum Moderator, 1391 Posts

27 July 2011 at 3:30am

By default a SilverStripe form includes a security token using the SecurityToken class to generate and check it upon submission. As far as I know the token is saved as a session variable. Might this be the feature you're referring to?

If you were to create a form(type) to use in submitting to an external site, you could still use the SecurityToken class to generate a token and use it to validate the return value - as long as it's an instant response within the current session, I suppose...

johnmblack

Community Member, 62 Posts

27 July 2011 at 3:35am

Oh! No, what you described is exactly what I was trying to find out. It isn't mentioned anywhere in the basic documentation or tutorials though, which is why I spent all day trying to find how to "create" such a feature.
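
The round trip discussed in this thread, as an added example that is not part of the original posts or SilverStripe's own code: a separately named `SecurityToken` is stored in the session, sent to the external site as a hidden field, and checked once when the data is posted back. It assumes the un-namespaced SilverStripe 3 `SecurityToken` class (constructor name argument, `getName()`, `getValue()`, `check()`, `reset()`), an active session, and an external site that echoes the field back unchanged through the user's browser; the token name, function names and URL are hypothetical.

```php
<?php
// Added example. Runs inside a SilverStripe request with an active session.
// RETURN_TOKEN_NAME, both function names and the URL below are hypothetical.
const RETURN_TOKEN_NAME = 'ExternalReturnToken';

/**
 * Build the HTML form that hands the visitor over to the external site.
 * A token with its own name is used so the site's regular form token
 * (SecurityID) is never disclosed to the third party.
 */
function buildOutboundForm($externalUrl, array $fields)
{
    $token = new SecurityToken(RETURN_TOKEN_NAME);
    $token->reset(); // fresh value for every outbound submission
    $fields[$token->getName()] = $token->getValue();

    $html = '<form method="post" action="'
        . htmlspecialchars($externalUrl, ENT_QUOTES) . '">';
    foreach ($fields as $name => $value) {
        $html .= '<input type="hidden" name="'
            . htmlspecialchars($name, ENT_QUOTES) . '" value="'
            . htmlspecialchars($value, ENT_QUOTES) . '" />';
    }
    return $html . '<input type="submit" value="Continue" /></form>';
}

/**
 * Check the token in the data posted back. Returns true only when the
 * posted value matches the one held in the current session.
 */
function checkReturnedToken(array $postVars)
{
    $token = new SecurityToken(RETURN_TOKEN_NAME);
    $posted = isset($postVars[RETURN_TOKEN_NAME]) ? $postVars[RETURN_TOKEN_NAME] : null;

    // Reject missing or non-string values before comparing.
    $ok = is_string($posted) && $posted !== '' && $token->check($posted);

    // Rotate the stored value whatever the outcome, so a captured
    // token cannot be replayed in a second postback.
    $token->reset();
    return $ok;
}

// In the controller action that receives the postback (sketch):
//   if (!checkReturnedToken($request->postVars())) {
//       return $this->httpError(400, 'Security token mismatch');
//   }
```

If the external service posts back server-to-server, or the browser withholds the session cookie on the cross-site POST, there is no matching session value and the check fails, which is the limit martimiz points out.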