has_field '_token' => (
type => 'RequestToken',
This field is for preventing CSRF attacks. It contains an encrypted token
containing an expiration time for the form. No data needs to be persisted in
the user's session or on the server.
HTML::FormHandler::Field::RequestToken - Hidden text field which contains a
unique time-stamped token
Length of time (in seconds) that token will be accepted as valid from the time
it is initially generated. Defaults to 3600.
An optional string to prepend to the token value before encrypting it. If
specified, any received tokens must begin with this value to be accepted as
valid. Defaults to an empty string.
Passed on form process. "$c->sessionid . '|'"
Key to use to encrypt/decrypt the token payload.
The "Crypt::CBC" cipher to use to encrypt/decrypt the token payload.
Defaults to "Blowfish".
Error message if token is missing/invalid.
A "Crypt::CBC" object to handle encrypting/decrypting the token
payload. If not specified, "crypto_key" and
"crypto_cipher_type" will be used to construct one.
Validates whether the specified token is currently valid for this form.
Generates a new token and returns it.
FormHandler Contributors - see HTML::FormHandler
This software is copyright (c) 2017 by Gerda Shank.
This is free software; you can redistribute it and/or modify it under the same
terms as the Perl 5 programming language system itself.