Hi! > I would like to hear from ideas/comments before I write patch for this. > https://wiki.php.net/rfc/automatic_csrf_protection
Could you explain a bit more - when token validation happens? Where the SESSCSRF comes from? Does this mean that every session application now has to support URL rewrite? What happens with applications that do not produce HTML at all, such as REST, or those that produce data further modified by Javascript frontend? -- Stas Malyshev smalys...@gmail.com -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php