Translations:Manual:SessionManager and AuthManager/67/en

Tokens that come in from the WebRequest must always be checked using $1 to avoid timing attacks.