all-in-one/php/vendor/slim/csrf/CHANGELOG.md

# Change Log

## 2016-08-14

Now supports "persistence mode", to persist a single CSRF name/value pair throughout the life of a user's session.  Added the following methods:

- `protected getLastKeyPair` - gets the most recently generated key/value pair from storage.
- `protected loadLastKeyPair` - gets the most recently generated key/value pair from storage, and assign it to `$this->keyPair`.
- `public setPersistentTokenMode`
- `public getPersistentTokenMode`

Note that if CSRF token validation fails, then the token should be renewed regardless of the persistence setting.

The methods `getTokenName` and `getTokenValue` now return `null` if `$this->keyPair` has not yet been set.

### Tests added:

- `testPersistenceModeTrueBetweenRequestsArray` - Token should persist between requests after initial creation, when stored in an array.
- `testPersistenceModeTrueBetweenRequestsArrayAccess` - Token should persist between requests after initial creation, when stored in an ArrayObject.
- `testPersistenceModeFalseBetweenRequestsArray` - Token should be changed between requests, when stored in an array.
- `testPersistenceModeFalseBetweenRequestsArrayAccess` - Token should be changed between requests, when stored in an ArrayObject.
- `testUpdateAfterInvalidTokenWithPersistenceModeTrue` - New token should be generated after an invalid request, even if persistence mode is enabled.