ezyang
How to use the key and user type features?
Reading through the source code https://github.com/ezyang/csrf-magic/blob/7d3527a515471d94d35c3cbc26bc1c70ad25b4e9/csrf-magic.php#L306-L324 I was wondering how to use the key or user feature. Could you provide an example of how to create a static secret to put into a form?
Background is having an automatic login into a form-based authentication that has csrf protection.
To me, there is no real difference between the use of 'key' or 'user'. Both of these are using generic strings within the data that are then hashed. There is no additional functionality when using 'key' though I'm happy for someone to correct me on that.
In my v1.1.0 patch, I did add the ability to turn off using session_id() as the primary method of generating a secure key, though I'm not sure why you would want to imho as having a static secret mains that once known, it's the same as not having one.
