Hello,
is it possible to set a timeout for mezzio-csrf? I did not find a use case in the documentation.
If you use mezzio-session-ext then the ini settings can help:
Otherwise, please describe where exactly you want to set the timeout.
I would like to set an expiration time for a form, e.g. login. After submitting the form after the time I would like to return an error to the user. In laminasa this could be done by setting a variable for CSRF. For example:
$this->add([
'name' => 'login_csrf',
'type' => Element\Csrf::class,
'options' => [
'salt' => 'unique',
'timeout' => 180
],
'attributes' => [
'id' => 'login_csrf'
]
]);
And finally you could return an error ( Csrf::NOT_SAME ) through the validator…
See in the documentation of laminas-form, there will you find the correct option keys:
use Laminas\Form\Element;
use Laminas\Form\Form;
$form = new Form('my-form');
$form->add([
'type' => Element\Csrf::class,
'name' => 'csrf',
'options' => [
'csrf_options' => [
'timeout' => 600,
],
],
]);
This will set the options for the underlying CSRF validator:
We misunderstood each other. According to the recommendations in the mezzio project, you should not use laminas-session if you are using mezzio-session and mezzio-session-ext, which is what laminas validator csrf - laminas-session requires:
My question is about setting the timeout option for mezzio-csrf.
This means that you cannot use the CSRF element of laminas-form like this. You must set a custom CSRF validator to the form element.
1 Like
Instead of the form element, use the middleware of mezzio-csrf.