How to use Zend_Form_Element_Hash?

Question

Then I'm trying to use Zend_Form_Element_Hash it regenerates a hash every request.

In my code:

 // form
 $this->addElement('hash', 'hihacker', array('salt' => 'thesal'));

Then I dumping $_SESSION I see a new value each page reload.

Then I send a form it reports an error "The token '28a5e0e2a50a3d4afaa654468fd29420' does not match the given token 'a64407cc11376dac1916d2101de90d29'", each time - new pair of tokens

Answer 1

$form = new Form();
$form->addElement('hash', 'hihacker',
    array('salt' => 'YOUR TOO MUCH SALTY TEXT !!@@'));
if ($this->_request->isPost() && $form->isValid($this->_request->getPost())) {
    // Valid ! you are safe do what ever you want .
} else if (count($form->getErrors('request_token')) > 0) {

    ///get him to the error controller 
    $this->_forward('csrf-forbidden', 'error');
    return;
}

its working very well for me but double check your session setting

" Internally, the element stores a unique identifier using Zend_Session_Namespace, and checks for it at submission (checking that the TTL has not expired). The 'Identical' validator is then used to ensure the submitted hash matches the stored hash. The 'formHidden' view helper is used to render the element in the form. " form ZF docs