To protect against CSRF, the two HTTP requests involved, the one that fetches the form and the one that submits it, have to be tied together so that a form submitted from an attacker's page can be told apart from one submitted from the page the application served. There are several ways to do this; CodeIgniter uses a hidden form field called the CSRF token. The token is a random value that the server stores in a cookie and also embeds in the form; on submission the browser sends both, and the request is accepted only if the cookie value and the hidden field match. An attacker's page can make the victim's browser send the cookie, but it cannot read the cookie (same-origin policy), so it cannot put the right value into the hidden field.
When the Security object is constructed, the token name and cookie name are set and the hash is initialised. As the code below shows, a new random value is generated only when the browser did not send a token cookie; otherwise the value from the cookie is reused.
$this->csrf_cookie_name = $this->csrf_token_name; // cookie carries the same name as the form field
$this->_csrf_set_hash();                          // populate $this->csrf_hash
The function that does this is:
function _csrf_set_hash()
{
    if ($this->csrf_hash == '')
    {
        // Reuse the token the browser already holds in its cookie, if any ...
        if ( isset($_COOKIE[$this->csrf_cookie_name]) AND
             $_COOKIE[$this->csrf_cookie_name] != '' )
        {
            $this->csrf_hash = $_COOKIE[$this->csrf_cookie_name];
        }
        else
        {
            // ... otherwise mint a new one. Note: uniqid() and rand() are not a
            // cryptographic RNG, so this value is weaker than it looks.
            $this->csrf_hash = md5(uniqid(rand(), TRUE));
        }
    }
    return $this->csrf_hash;
}
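Two points are worth flagging for anyone reimplementing this. First, md5(uniqid(rand(), TRUE)) derives the token from the current time in microseconds plus a call to rand(), neither of which is a cryptographically secure source; on PHP 7 and later random_bytes() should be used instead. Second, the cookie value is accepted as-is, so the scheme only works as long as an attacker cannot set cookies for the application's domain (for example from a sibling subdomain). The following is an added, stand-alone example of the same double-submit-cookie pattern, not CodeIgniter's own code: it uses a CSPRNG, validates the shape of any reused cookie value, compares the two halves in constant time, and rotates the token after a successful check. The function names (csrf_get_hash, csrf_verify and so on) are hypothetical; the field and cookie names and the 7200-second lifetime are CodeIgniter's defaults. Request data is passed in as plain arrays so the script runs from the CLI without a web server.

```php
<?php
// Added example, not CodeIgniter's code: minimal double-submit-cookie CSRF
// protection. All function names here are hypothetical.

const CSRF_TOKEN_NAME  = 'csrf_test_name';   // hidden form field (CodeIgniter default)
const CSRF_COOKIE_NAME = 'csrf_cookie_name'; // cookie name (CodeIgniter default)
const CSRF_EXPIRE      = 7200;               // cookie lifetime in seconds (CodeIgniter default)

// 32 hex chars from 16 bytes of OS-provided randomness (replaces md5(uniqid(rand(), TRUE))).
function csrf_new_hash(): string
{
    return bin2hex(random_bytes(16));
}

// Mirror _csrf_set_hash(): reuse the cookie value if present, else mint a new one.
// Unlike the original, only accept a value that has the shape we would have issued,
// so an attacker-planted cookie cannot be reflected into the page verbatim.
function csrf_get_hash(array $cookies): string
{
    $c = $cookies[CSRF_COOKIE_NAME] ?? '';
    if (is_string($c) && preg_match('/\A[0-9a-f]{32}\z/', $c)) {
        return $c;
    }
    return csrf_new_hash();
}

// Value for a Set-Cookie header (in a real app call setcookie() with the same attributes).
// The cookie is deliberately not HttpOnly so AJAX clients can read it and echo it back;
// SameSite=Lax is an independent second line of defence against cross-site POSTs.
function csrf_cookie_header(string $hash, bool $https): string
{
    $attrs = 'Path=/; Max-Age=' . CSRF_EXPIRE . '; SameSite=Lax';
    if ($https) {
        $attrs .= '; Secure';
    }
    return CSRF_COOKIE_NAME . '=' . $hash . '; ' . $attrs;
}

// The hidden field that form_open() would emit; escaped in case the value ever came from outside.
function csrf_hidden_field(string $hash): string
{
    return '<input type="hidden" name="' . CSRF_TOKEN_NAME . '" value="'
         . htmlspecialchars($hash, ENT_QUOTES, 'UTF-8') . '">';
}

// Accept the POST only if cookie and field are both present and identical.
// hash_equals() compares in constant time, so the check leaks no timing information.
function csrf_verify(array $cookies, array $post): bool
{
    $cookie = $cookies[CSRF_COOKIE_NAME] ?? null;
    $field  = $post[CSRF_TOKEN_NAME] ?? null;
    if (!is_string($cookie) || !is_string($field) || $cookie === '') {
        return false;
    }
    return hash_equals($cookie, $field);
}

// --- demo with constructed request data ---
$hash = csrf_get_hash([]);                   // first visit: browser has no cookie yet
echo 'Set-Cookie: ', csrf_cookie_header($hash, false), "\n";
echo csrf_hidden_field($hash), "\n";

// Legitimate submission: the browser sends back both the cookie and the field it was given.
var_dump(csrf_verify([CSRF_COOKIE_NAME => $hash], [CSRF_TOKEN_NAME => $hash]));

// Cross-site submission: the browser still attaches the cookie, but the attacker's
// page could not read it, so the field is absent or a guess.
var_dump(csrf_verify([CSRF_COOKIE_NAME => $hash], []));
var_dump(csrf_verify([CSRF_COOKIE_NAME => $hash], [CSRF_TOKEN_NAME => 'guess']));

// A planted cookie of the wrong shape is not reused; a fresh token is issued instead.
var_dump(csrf_get_hash([CSRF_COOKIE_NAME => 'planted']) !== 'planted');

// After a successful POST, rotate the token; CodeIgniter does this by clearing
// $_COOKIE and calling _csrf_set_hash() again, then re-sending the cookie.
$next = csrf_new_hash();
var_dump($next !== $hash);
```

The shape check in csrf_get_hash() narrows but does not remove the second caveat above: if an attacker can set a well-formed cookie for the domain, they can also supply a matching field. Binding the token to the user's server-side session (or signing it with a server key) closes that gap; the cookie-only scheme shown here, like CodeIgniter's, relies on cookie integrity.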