self::TOKEN_EXPIRATION) { self::clearToken(); return false; } return self::validateToken($token, $storedToken); } return false; } return true; // CSRF is disabled } /** * Generate and store a new CSRF token in the session. * * @return string */ public static function generateAndStoreToken(): string { $token = self::generateToken(); $_SESSION['nux_csrf_token'] = $token; $_SESSION['nux_csrf_token_time'] = time(); return $token; } /** * Clear the stored CSRF token from the session. * * @return void */ public static function clearToken(): void { unset($_SESSION['nux_csrf_token'], $_SESSION['nux_csrf_token_time']); } }