From deba5e1e749ff282e9ffa4f38247d84a3dea02c7 Mon Sep 17 00:00:00 2001
From: billz
Date: Wed, 26 Mar 2025 09:51:39 -0700
Subject: [PATCH] When session token expires, redirect instead of returning a 500 error
---
 src/RaspAP/Tokens/CSRFTokenizer.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/RaspAP/Tokens/CSRFTokenizer.php b/src/RaspAP/Tokens/CSRFTokenizer.php
index be13fdab..d3925f45 100644
--- a/src/RaspAP/Tokens/CSRFTokenizer.php
+++ b/src/RaspAP/Tokens/CSRFTokenizer.php
@@ -23,6 +23,8 @@ class CSRFTokenizer {
 // ensure a CSRF token exists in the session
 if (empty($_SESSION['csrf_token'])) {
 $this->ensureCSRFSessionToken();
+ header("Location: " .$_SERVER['REQUEST_URI']);
+ exit;
 }
 if ($this->csrfValidateRequest()) {
@@ -40,7 +42,6 @@ class CSRFTokenizer {
 {
 if (empty($_SESSION['csrf_token'])) {
 $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
- $token = $_SESSION['csrf_token'];
 }
 }
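Review bot: The added `header("Location: " .$_SERVER['REQUEST_URI']);` in the first hunk sends a client-supplied value back as the redirect target without normalising it. A request URI that starts with `//` is read by browsers as a scheme-relative URL, so the redirect is not guaranteed to stay on this host; collapsing the leading separators, e.g. `header('Location: /' . ltrim($_SERVER['REQUEST_URI'] ?? '', '/\\'));`, keeps it same-origin. The branch also runs on every request whose session has no token, so a client that does not keep the session cookie would presumably be redirected in a loop, and a POST arriving after expiry comes back as a GET without its body; limiting the redirect to GET requests, or a comment stating the assumption, would cover that. The enclosing method starts and ends outside the hunk, so how the session is started before this check is not visible here.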