xsrftoken - ActiveState ActiveGo 1.8

Package xsrftoken

import "golang.org/x/net/xsrftoken"

Overview ▾

Package xsrftoken provides methods for generating and validating secure XSRF tokens.


Timeout is the duration for which XSRF tokens are valid. It is exported so clients may set cookie timeouts that match generated tokens.

const Timeout = 24 * time.Hour

func Generate

func Generate(key, userID, actionID string) string

Generate returns a URL-safe secure XSRF token that expires in 24 hours.

key is a secret key for your application; it must be non-empty. userID is an optional unique identifier for the user. actionID is an optional action the user is taking (e.g. POSTing to a particular path).

func Valid

func Valid(token, key, userID, actionID string) bool

Valid reports whether a token is a valid, unexpired token returned by Generate.