Package xsrftoken provides methods for generating and validating secure XSRF tokens.
Internal call graph ▹
Internal call graph ▾
In the call graph viewer below, each node is a function belonging to this package and its children are the functions it calls—perhaps dynamically.
The root nodes are the entry points of the package: functions that may be called from outside the package. There may be non-exported or anonymous functions among them if they are called dynamically from another package.
Click a node to visit that function's source code.
From there you can visit its callers by
clicking its declaring
Functions may be omitted if they were determined to be unreachable in the particular programs or tests that were analyzed.
Timeout is the duration for which XSRF tokens are valid. It is exported so clients may set cookie timeouts that match generated tokens.
const Timeout = 24 * time.Hour
func Generate(key, userID, actionID string) string
Generate returns a URL-safe secure XSRF token that expires in 24 hours.
key is a secret key for your application; it must be non-empty. userID is an optional unique identifier for the user. actionID is an optional action the user is taking (e.g. POSTing to a particular path).
func Valid(token, key, userID, actionID string) bool
Valid reports whether a token is a valid, unexpired token returned by Generate.