Jump to:

23007 Posts in 11866 Topics by 2828 members

General Questions

SilverStripe Forums » General Questions » Generate a security token and pass it to an external site?

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1
Go to End
Author Topic: 779 Views
  • Ryan M.
    Avatar
    Community Member
    309 Posts

    Generate a security token and pass it to an external site? Link to this post

    I need to generate a security token and pass it to an external site in the process of submitting a form, and when they finish processing it and post the data back, I'd like to check the data posted back for the same security token and either allow the script to proceed or kill it upon a mismatch.

    Possible? Suggestions?

  • johnmblack
    Avatar
    Community Member
    61 Posts

    Re: Generate a security token and pass it to an external site? Link to this post

    I too cannot seem to find a simple answer to this anywhere, though maybe I'm using the wrong keywords in my search. I think I saw somewhere that tokens or replay attack prevention was a feature but now I don't see it.

  • martimiz
    Avatar
    Forum Moderator
    1038 Posts

    Re: Generate a security token and pass it to an external site? Link to this post

    By default a SilverStripe form includes a security token using the SecurityToken class to generate and check it upon submission. As far as I know the token is saved as a session variable. Might this be the feature you're referring to?

    If you were to create a form(type) to use in submitting to an external site, you could still use the SecurityToken class to generate a token and use it to validate the return value - as long as it's an instant response within the current session, I suppose...

  • johnmblack
    Avatar
    Community Member
    61 Posts

    Re: Generate a security token and pass it to an external site? Link to this post

    Oh! No, what you described is exactly what I was trying to find out. It isn't mentioned anywhere in the basic documentation or tutorials though, which is why I spent all day trying to find how to "create" such a feature.

    779 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.