Either create a session or throw an exception when a csrf token is generated with no session

Created on 22 April 2014, almost 11 years ago

Updated 15 January 2025, 21 days ago

Follow-up from #2245003: Use a random seed instead of the session_id for CSRF token generation → . I don't have a strong preference either way, but we should do one or the other.

📌 Task

Status

Closed: outdated

Version

11.0 🔥

Component

base system

Created by

🇬🇧United Kingdom catch

Live updates comments and jobs are added and updated live.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment 21 days ago →
🇬🇧United Kingdom catch
A session will be created in CsrfTokenGenerator::get() if one doesn't already exist now.

Production build 0.71.5 2024