class Rack::Protection::AuthenticityToken
def valid_token?(env, token)
Checks the client's masked token to see if it matches the session token.
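# Decides whether a client-submitted authenticity (CSRF) token is acceptable
# for the session that belongs to +env+.
#
# +token+ comes straight from the request and must be treated as untrusted.
# It is rejected outright unless it is a non-empty String that decodes
# cleanly; only then is it compared against the tokens tied to the session.
#
# @param env [Hash] Rack environment, used to look up the session and to
#   build the Request handed to the per-form comparison.
# @param token [String, nil] encoded token as submitted by the client.
# @return [Boolean] false for a missing, non-String, empty, undecodable or
#   malformed token; otherwise the result of the comparison helpers
#   (truthy as soon as one of them accepts the token).
#
# NOTE(review): the compare_with_* helpers are not visible here. Confirm that
# each one uses a constant-time comparison, since this method is the decision
# point for CSRF protection.
def valid_token?(env, token)
  # Request parameters can arrive as an Array or Hash (nested params). Those
  # respond to #empty? but are not decodable tokens, so reject them here
  # instead of letting them reach the session lookup and the decoder.
  # decode_token is not shown; it presumably expects a String, and only
  # ArgumentError is rescued below.
  return false if token.nil? || !token.is_a?(String) || token.empty?

  session = session(env)

  begin
    token = decode_token(token)
  rescue ArgumentError # encoded_masked_token is invalid Base64
    return false
  end

  # See if it's actually a masked token or not. We should be able
  # to handle any unmasked tokens that we've issued without error.
  if unmasked_token?(token)
    compare_with_real_token(token, session)
  elsif masked_token?(token)
    token = unmask_token(token)

    # Any one match is sufficient; the checks run in this order and stop at
    # the first that succeeds.
    compare_with_global_token(token, session) ||
      compare_with_real_token(token, session) ||
      compare_with_per_form_token(token, session, Request.new(env))
  else
    false # Token is malformed
  end
end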