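/// <summary>
/// Reads the CSRF token that the client submitted with the current request.
/// </summary>
/// <remarks>
/// The token is looked up under the name returned by
/// <c>CsrfConfig.GetTokenFieldName()</c>, first in the request headers, then in
/// the posted form, then in the query string. A source that is absent or holds
/// an empty value is skipped, so an empty header no longer hides a token that
/// was sent in the form body.
/// NOTE(review): this method returns null for "no token", and so does
/// <c>GetToken</c> in this file. The comparison code is not visible here;
/// confirm it rejects the request when either side is null instead of
/// treating null == null as a match.
/// </remarks>
/// <param name="httpContext">Context of the request being checked.</param>
/// <returns>
/// The submitted token, or null when no source supplies a non-empty value.
/// </returns>
public static string GetFormToken(HttpContext httpContext)
{
    string name = CsrfConfig.GetTokenFieldName();

    // Precedence is unchanged: header, then form field, then query string.
    string value = httpContext.Request.Headers[name];
    if (string.IsNullOrEmpty(value))
    {
        value = httpContext.Request.Form[name];
    }

    if (string.IsNullOrEmpty(value))
    {
        // NOTE(review): a token carried in the URL can be recorded in server
        // and proxy logs, browser history and Referer headers. The fallback is
        // kept for backward compatibility; consider removing it if no caller
        // relies on query-string tokens.
        value = httpContext.Request.QueryString[name];
    }

    // "Missing" and "empty" are both reported as null.
    return string.IsNullOrEmpty(value) ? null : value;
}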
/// <summary>
/// Returns the CSRF token held in the caller's session, if there is one.
/// </summary>
/// <remarks>
/// The session entry is keyed by <c>CsrfConfig.GetTokenFieldName()</c>, the
/// same name used for the submitted field.
/// NOTE(review): null means "no stored token". The code that compares this
/// value with the submitted token is not visible here; confirm it fails
/// closed when this method returns null.
/// </remarks>
/// <param name="httpContext">Context whose session is read.</param>
/// <returns>
/// The stored value converted with <c>ToString()</c>, or null when nothing is
/// stored or when reading the session throws.
/// </returns>
public static string GetToken(HttpContext httpContext)
{
    try
    {
        object stored = httpContext.Session[CsrfConfig.GetTokenFieldName()];

        // Nothing has been saved under the token name yet.
        return stored == null ? null : stored.ToString();
    }
    catch
    {
        // Best effort by design: the original author's rationale is that a new
        // token will simply be generated. Every exception is swallowed, so a
        // session-state failure looks the same as a first visit.
        // NOTE(review): consider logging here so misconfiguration is visible.
        return null;
    }
}
/// <summary>
/// Stores the CSRF token in the caller's session.
/// </summary>
/// <remarks>
/// The entry is written under <c>CsrfConfig.GetTokenFieldName()</c>, the key
/// that <c>GetToken</c> reads. The value is stored as given, with no check for
/// null or empty. Storing null makes <c>GetToken</c> report "no token".
/// </remarks>
/// <param name="httpContext">Context whose session receives the token.</param>
/// <param name="token">Token value to remember for this session.</param>
public static void SaveToken(HttpContext httpContext, string token)
{
    // Resolve the key first, then write. Any existing entry is overwritten.
    string sessionKey = CsrfConfig.GetTokenFieldName();
    httpContext.Session[sessionKey] = token;
}