How can I send trade offer
Well if this is on Laravel you can send _token
which call as csrf_field
by them.
In CI you can do like this. (csrf
generate unique session id)
Path - application/config/config.php
$config['csrf_protection'] = TRUE;
In Login form, you can add this or in page initialize you can add this
$csrf = array( 'name' => $this->security->get_csrf_token_name(), 'hash' => $this->security->get_csrf_hash());<input type="hidden" name="<?=$csrf['name'];?>" value="<?=$csrf['hash'];?>" />
So when saving you can add this to the session. BTW this token can use for cookie as well.
Read this Cross-site request forgery (CSRF)
Tokens may be either regenerated on every submission (default) or kept the same throughout the life of the CSRF cookie. The default regeneration of tokens provides stricter security, but may result in usability concerns as other tokens become invalid (back/forward navigation, multiple tabs/windows, asynchronous actions, etc). You may alter this behavior by editing the following config parameter
Source Codeigniter documentation
If it's not in a login page, then
Its better to se this false
,(due to this Tokens may be either regenerated on every submission (default))
$config['csrf_regenerate'] = FALSE;
The session ID is the UUID of Steam which corresponds to our Steam profile.The cookies are there to keep you authenticate.
Here's an example how you can get the sessionID and the cookies : https://github.com/SzymonLisowiec/php-steamlogin (not my repo, credit to SzymonLisowiec)
First of all the documentation at doc says that you only need a API KEY in order to send the requests and calls to endpoint, for the class library you are using have helped you from going into your account and getting API KEY yourself.
so by examining class SteamTrade would explain setup(sessionId, cookies):
- if have API KEY then I don't need Cookies and SessionID stop else go step 2.
- get API KEY but you should provide me with Cookies and sessionid in order for me to login and accept agreement and register your account as developer account go step 1 else show error .
Note: all calls done with this format no need for SessionID and Cookies only if not provide API KEY.
http://api.steampowered.com/interface-name/method-name/version/?key=apikey&format=format.
Screenshot:
show how to grab sessionid and cookies with firefox inspector cookies tab