zend-framework2 zend-form csrf zend-form-element csrf-protection

Default timeout of CSRF in ZF2


Is it possible to specify a global default timeout for CSRF form elements in Zend 2? Otherwise I have to specify a timeout option for each CSRF element.

P.S.: What's the value of the current default timeout?


Solution

  • From the source code of Zend\Validator\Csrf, the default timeout of Csrf element in Zend Framework 2 is set to 300:

    protected $timeout = 300; //line 70
    

    If you want to set the same timeout for all Csrf elements in your forms, you could create a custom csrfValidator with the timeout value you want and override the default CSRF validator of your elements using the setCsrfValidator method.

    Otherwise just change the default options when you add Csrf element to your forms:

    You can change the options of the CSRF validator using the setCsrfValidatorOptions function, or by using the csrf_options key.

    Csrf documentation
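The two approaches from the answer, as an added example that is not part of the original answer or of Zend Framework itself: a per-element `csrf_options` override, and a shared default carried by a subclass of `Zend\Form\Element\Csrf`. The `Application\Form` namespace, the class names `DefaultTimeoutCsrf` and `ContactForm`, and the timeout values 900 and 120 are assumptions chosen for illustration.

```php
<?php
// Added example; assumes Zend Framework 2 is installed and autoloaded.
namespace Application\Form; // hypothetical module namespace

use Zend\Form\Element\Csrf;
use Zend\Form\Form;

/**
 * Csrf element carrying one application-wide token lifetime.
 * Forms that use this type inherit the timeout without repeating it.
 */
class DefaultTimeoutCsrf extends Csrf
{
    const DEFAULT_TIMEOUT = 900; // seconds; assumed value (stock default is 300)

    // Read by getCsrfValidator() when it lazily builds Zend\Validator\Csrf.
    protected $csrfValidatorOptions = array('timeout' => self::DEFAULT_TIMEOUT);

    public function setCsrfValidatorOptions(array $options)
    {
        // Keep the shared timeout unless the form supplies its own value.
        return parent::setCsrfValidatorOptions(
            array_merge(array('timeout' => self::DEFAULT_TIMEOUT), $options)
        );
    }
}

class ContactForm extends Form // hypothetical form
{
    public function __construct()
    {
        parent::__construct('contact');

        // Shared default: no timeout repeated here.
        $this->add(array(
            'type' => 'Application\Form\DefaultTimeoutCsrf',
            'name' => 'csrf',
        ));

        // Per-element override through the csrf_options key, e.g. a shorter
        // token lifetime for a sensitive action.
        $this->add(array(
            'type'    => 'Zend\Form\Element\Csrf',
            'name'    => 'csrf_sensitive',
            'options' => array('csrf_options' => array('timeout' => 120)),
        ));
    }
}
```

The timeout is in seconds and bounds how long an issued token stays valid, so a longer shared default trades fewer expired-form errors for a wider window in which a leaked token can be replayed.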