Doc

htdocs/main.inc.php

@@ -504,6 +504,8 @@ if (!defined('NOTOKENRENEWAL') && !defined('NOSESSION')) {
 			$token = dol_hash(uniqid(mt_rand(), false), 'md5'); // Generates a hash of a random number. We don't need a secured hash, just a changing random value.
 			$_SESSION['newtoken'] = $token;
 			dol_syslog("NEW TOKEN generated by : ".$_SERVER['PHP_SELF'], LOG_DEBUG);
+			// TODO Warning, if a user succeed in entering a data from a public page, he can enter a link that make a token regeneration making
+			// the use of the backoffice no more possible !
 		}
 	}
 }