From aa55f3441fbc1ec78cf96f2c76ab83e8d6d58f82 Mon Sep 17 00:00:00 2001
From: Taylor Otwell
Date: Thu, 3 Nov 2011 09:21:27 -0500
Subject: [PATCH] Tweak the CSRF token a little more.

---
 laravel/session.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/laravel/session.php b/laravel/session.php
index 9f146bb0..0dd269d3 100644
--- a/laravel/session.php
+++ b/laravel/session.php
@@ -37,13 +37,16 @@ public static function start(Driver $driver)
  {
  static::$exists = false;
 
+ static::$session = array('id' => Str::random(40), 'data' => array());
+ }
+
+ if ( ! static::has('csrf_token'))
+ {
  // A CSRF token is stored in every session. The token is used by the
  // Form class and the "csrf" filter to protect the application from
  // cross-site request forgery attacks. The token is simply a long,
  // random string which should be posted with each request.
- $csrf_token = Str::random(40);
-
- static::$session = array('id' => Str::random(40), 'data' => compact('csrf_token'));
+ static::put('csrf_token', Str::random(40));
  }
  }
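Review bot: Both the session id and the CSRF token in this hunk are produced by `Str::random(40)`, whose implementation is outside the diff, so it should be confirmed that it draws from a cryptographically secure source; if it is built on a seeded PRNG, both values may be predictable, which would undermine the "csrf" filter and the session id alike. The new `if ( ! static::has('csrf_token'))` guard also means that a token already present in a loaded session is kept rather than regenerated, presumably for that session's lifetime. If that is intended, a comment above the guard such as `// An existing session keeps its token; one is generated only when missing.` would make the behaviour explicit. The body of `start()` begins before the hunk, so how a loaded session reaches this point is not visible here.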