Diffstat (limited to 'pyramid/interfaces.py')
-rw-r--r--pyramid/interfaces.py29
1 files changed, 20 insertions, 9 deletions
diff --git a/pyramid/interfaces.py b/pyramid/interfaces.py
index bbb4754e4..f58ee8b58 100644
--- a/pyramid/interfaces.py
+++ b/pyramid/interfaces.py
@@ -981,19 +981,30 @@ class ISession(IDict):
:meth:`pyramid.interfaces.ISession.flash`
"""
- def new_csrf_token():
- """ Create and set into the session a new, random cross-site request
- forgery protection token. Return the token. It will be a string."""
- def get_csrf_token():
- """ Return a random cross-site request forgery protection token. It
- will be a string. If a token was previously added to the session via
+class ICSRFPolicy(Interface):
+ """ An object that offers the ability to verify CSRF tokens and generate
+ new ones"""
+
+ def new_csrf_token(request):
+ """ Create and return a new, random cross-site request forgery
+ protection token. Return the token. It will be a string."""
+
+ def get_csrf_token(request):
+ """ Return a cross-site request forgery protection token. It
+ will be a string. If a token was previously set for this user via
``new_csrf_token``, that token will be returned. If no CSRF token
- was previously set into the session, ``new_csrf_token`` will be
- called, which will create and set a token, and this token will be
- returned.
+ was previously set, ``new_csrf_token`` will be called, which will
+ create and set a token, and this token will be returned.
"""
+ def check_csrf_token(request, supplied_token):
+ """ Returns a boolean that represents if supplied_token is a valid CSRF
+ token for this request. Comparing strings for equality must be done
+ using :func:`pyramid.utils.strings_differ` to avoid timing attacks.
+ """
+
+
class IIntrospector(Interface):
def get(category_name, discriminator, default=None):
""" Get the IIntrospectable related to the category_name and the
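Review bot: The docstring of the new `check_csrf_token` cross-references `:func:`pyramid.utils.strings_differ``, but the constant-time comparison helper in this codebase lives in `pyramid/util.py`, so the reference should presumably read `:func:`pyramid.util.strings_differ`` or the Sphinx link and the guidance to implementors will both be wrong. Since the whole point of that sentence is to steer implementations away from a plain `==` (which leaks timing information), it is worth stating the contract rather than just naming a helper, e.g. `"""Return True if ``supplied_token`` matches the token for this request. Implementations must compare with a constant-time function such as :func:`pyramid.util.strings_differ`; a plain ``==`` leaks timing information."""`. Separately, the hunk drops `new_csrf_token` and `get_csrf_token` from `ISession`, which any third-party session implementation and any caller using `request.session.get_csrf_token()` relies on; unless the commit intends that break, keeping them on `ISession` with a deprecation note would be safer. A minor style nit: there is no blank line between the closing `"""` of `get_csrf_token` and `def check_csrf_token`, unlike the other methods in the interface. The `ISession` body begins before this hunk.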