|
AntiForgeryGetTokens Method
|
Generates an anti-forgery token pair (cookie and form token) for this request.
This method is similar to GetHtml(), but this method gives the caller control
over how to persist the returned values. To validate these tokens, call the
appropriate overload of Validate.
Namespace: GSF.Web.SecurityAssembly: GSF.Web (in GSF.Web.dll) Version: 2.4.218-beta
Syntax GSF.Web.Security.AntiForgery.GetTokens = function(request, oldCookieToken, newCookieToken, formToken);
View SourceParameters
- request HttpRequestMessage
- Request message.
- oldCookieToken String
- The anti-forgery token - if any - that already existed
for this request. May be null. The anti-forgery system will try to reuse this cookie
value when generating a matching form token.
- newCookieToken String
- Will contain a new cookie value if the old cookie token
was null or invalid. If this value is non-null when the method completes, the caller
must persist this value in the form of a response cookie, and the existing cookie value
should be discarded. If this value is null when the method completes, the existing
cookie value was valid and needn't be modified.
- formToken String
- The value that should be stored in the <form>. The caller
should take care not to accidentally swap the cookie and form tokens.
Remarks
Unlike the GetHtml() method, this method has no side effect. The caller
is responsible for setting the response cookie and injecting the returned
form token as appropriate.
See Also