Jump to content

CSRF key for logout


Recommended Posts

\system\Session\Session.php, init method.

		/* Set ID */
		$this->id = session_id();

		/* Crate csrf key */
		$this->csrfKey = md5( "{$this->member->email}&{$this->member->member_login_key}& " . ( $this->member->member_id ? $this->member->joined->getTimestamp() : 0 ) . '&' . $this->id );

You aren't going to be able to generate it externally(via an api or such) without loading the framework due to the session_id being used therein, it would seem.

Link to comment
Share on other sites

you can query the session id from the ipcore_sessions table.  I am not a php programmer so I am just trying to figure out what the logic means here with these variables.


overall to me it looks like:
md5( email + & + login key + & + member_id + & + joined + & + jsession_id) 


I am not 100% certain about that member_id / joined date part since it looks like its an if / or

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...