This is just a quick announcement that I have released a Kohana 3 module for CSRF prevention on our github account. This module could easily be ported over to your favorite PHP framework if you modify the CSRF_Form class to handle creation of your FORM tag.

Features

  • sample code on the github page

  • handles special case AJAX implementations

  • user agent validation

  • user-defined timeouts (expiration)

  • private key salted two-way encryption using mcrypt

Requirements

  • the PHP mcrypt module (php-mcrypt or php5-mcrypt depending on your distro)

  • jQuery >= 1.3.2

https://github.com/Skookum/csrf

Questions, comments, and concerns are all welcome.