issue('create'); assert_true($guard->validate('create', (string)$issued['ts'], $issued['token'], 3600, 'session-1')); assert_false((new CsrfGuard('secret', 'bob', 'session-1'))->validate('create', (string)$issued['ts'], $issued['token'], 3600, 'session-1')); assert_false($guard->validate('delete', (string)$issued['ts'], $issued['token'], 3600, 'session-1')); assert_false($guard->validate('create', (string)($issued['ts'] - 7200), $issued['token'], 3600, 'session-1')); assert_false($guard->validate('create', 'bad', $issued['token'], 3600, 'session-1')); });