Add Session::getGenericToken() for general-purpose token handling

common/framework/session.php

@@ -373,6 +373,7 @@ class Session
 		$_SESSION['RHYMIX']['timezone'] = DateTime::getTimezoneForCurrentUser();
 		$_SESSION['RHYMIX']['secret'] = Security::getRandom(32, 'alnum');
 		$_SESSION['RHYMIX']['tokens'] = array();
+		$_SESSION['RHYMIX']['token'] = false;
 		$_SESSION['is_webview'] = self::_isBuggyUserAgent();
 		$_SESSION['is_new_session'] = true;
 		$_SESSION['is_logged'] = false;
@@ -842,6 +843,26 @@ class Session
 		}
 	}
 	
+	/**
+	 * Get a generic token that is not restricted to any particular key.
+	 * 
+	 * @return string|false
+	 */
+	public static function getGenericToken()
+	{
+		if (!self::isStarted())
+		{
+			return false;
+		}
+		
+		if (!$_SESSION['RHYMIX']['token'])
+		{
+			$_SESSION['RHYMIX']['token'] = self::createToken('');
+		}
+		
+		return $_SESSION['RHYMIX']['token'];
+	}
+	
 	/**
 	 * Create a token that can only be verified in the same session.
 	 * 

tests/unit/framework/SessionTest.php

@@ -334,9 +334,16 @@ class SessionTest extends \Codeception\TestCase\Test
 		$this->assertFalse(Rhymix\Framework\Session::verifyToken($token2, '/wrong/key'));
 		$this->assertFalse(Rhymix\Framework\Session::verifyToken(strrev($token2)));
 		
+		$token3 = Rhymix\Framework\Session::getGenericToken();
+		$this->assertEquals(16, strlen($token3));
+		$this->assertTrue(Rhymix\Framework\Session::verifyToken($token3));
+		$this->assertTrue(Rhymix\Framework\Session::verifyToken($token3, ''));
+		$this->assertFalse(Rhymix\Framework\Session::verifyToken($token3, '/wrong/key'));
+		
 		Rhymix\Framework\Session::destroy();
 		$this->assertFalse(Rhymix\Framework\Session::verifyToken($token1));
 		$this->assertFalse(Rhymix\Framework\Session::verifyToken($token, '/my/key'));
+		$this->assertFalse(Rhymix\Framework\Session::getGenericToken());
 	}
 	
 	public function testEncryption()