From b2131f80dbebb4c0a7e95b20c53b301978af7ebc Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Sat, 3 Sep 2022 12:42:52 +0200
Subject: [PATCH] Doc
---
 htdocs/main.inc.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index bb82b0ac7e3..f189c90da72 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -504,6 +504,8 @@ if (!defined('NOTOKENRENEWAL') && !defined('NOSESSION')) {
 $token = dol_hash(uniqid(mt_rand(), false), 'md5'); // Generates a hash of a random number. We don't need a secured hash, just a changing random value.
 $_SESSION['newtoken'] = $token;
 dol_syslog("NEW TOKEN generated by : ".$_SERVER['PHP_SELF'], LOG_DEBUG);
+ // TODO Warning, if a user succeed in entering a data from a public page, he can enter a link that make a token regeneration making
+ // the use of the backoffice no more possible !
 }
 }
 }
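Review bot: The added TODO documents a way to force a token regeneration and lock users out of the backoffice, but the code is left unchanged and the comment names neither the condition that permits the renewal nor the planned fix. I would tighten it to `// TODO Warning: if a user manages to inject data from a public page, they can insert a link that triggers a token regeneration, which makes the backoffice unusable. Fix: <planned mitigation>.` and track it in an issue rather than only in a comment. Separately, the context line above derives the token from `uniqid(mt_rand(), false)` hashed with md5; if `$_SESSION['newtoken']` serves as the anti-CSRF token (presumably, its use is not shown here), a CSPRNG source such as `bin2hex(random_bytes(16))` would be safer than a predictable generator. The enclosing `if` blocks begin outside the hunk, so the exact renewal conditions cannot be checked from here.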