CsrfGuardInterface
Issues and verifies per-session, per-route CSRF tokens for the live interaction endpoint. A token issued for one `$sessionId`/`$route` pair MUST NOT verify for a different session or route — implementations bind both into the token rather than treating it as an opaque, globally-valid secret.
CsrfGuardInterface::issueToken()
abstract public function issueToken(string $sessionId, string $route): stringIssues a new token bound to the given session and route.
Parameters
| Name | Type | Description |
|---|---|---|
| $sessionId | string | |
| $route | string |
CsrfGuardInterface::verifyToken()
abstract public function verifyToken(string $token, string $sessionId, string $route): boolVerifies a token was issued by {@see issueToken()} for this exact session and route, and has not expired. MUST NOT throw on a malformed token — an invalid token is a normal, expected input and is reported via the boolean return, not an exception.
Parameters
| Name | Type | Description |
|---|---|---|
| $token | string | |
| $sessionId | string | |
| $route | string |