and matches the current session, if not the request is discarded. A
form generated by a different webpage does not know the secret csrf
token, so it cannot construct a valid form. PHP Shell implements this
-protection as of version 2.
+protection as of version 2..
Attacks against the session
from a large character set, e.g. lower case and upper case letters,
numbers, and special characters.
-As of version 2.
6, PHP Shell also implements rate limiting. Every time
+As of version 2., PHP Shell also implements rate limiting. Every time
a login attempt fails, this is logged in a file (the location of which
is configurable). After the third failed log in attempt from one IP
address, PHP Shell enforces a timeout during which a user won't be