Does the token change if you just reload the page with the form on?
csrf token seems to be erratic
as seen in this video http://sendvid.com/bzjb80nf - it works perfectly for the first 2 submissions, but then fails on the 3rd submission.
today i made a completely new project and this error showed up in the new project too.
any tips as to what may be causing this.
for the form refresh (not submitted) the token also seems to be erratic as seen in this video https://sendvid.com/uesb7pqg - for the first few refresh it remains the same, but then at the 38 second mark it changes.
Check the session expiry time that you have set in config/session.php, also check if cookies are being set properly.
i will check that - but i'm very sure i have not changed them. this is absolutely a stock new laravel project. i have exactly followed the steps in the "laravel from scratch" lesson
EDIT:
```
'lifetime' => 120,
'expire_on_close' => false,
```
how can i check if the cookies are being set?
In that case check the version of laravel you are using and show us the routes.php file, make sure you don't have web middleware applied twice.
routes.php i'm using L5.2 composer.json
Looks like sessions aren't being saved properly. What does your config/session.php file look like? What session driver are you using?
The whole code is available here https://drive.google.com/folderview?id=0BwWfZsr-3zZqM3JiRHQwbER3TGc
But since this is a purely stock Laravel new code base I don't think it would be a problem with something as core as session storage. I'll share the exact session.php file in an hour
@bashy - this is the config/session.php
@s_chahal The code works for me, I don't know, maybe something is wrong with your browser, even your replies are posted twice here ...
Yeah looks like something wrong with your browser.
Have you tested this in cURL?
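Added example, not part of the original thread: one way to run the cURL test suggested above, loading the form page twice with a fresh cookie jar and comparing the hidden `_token` values. The function names, the `CHECK_URL` and `COOKIE_NAME` variables and the sample data are assumptions made for illustration; `laravel_session` is the stock session cookie name.

```bash
#!/usr/bin/env bash
# Added diagnostic sketch, not code from the thread. Assumes the stock Laravel
# session cookie name (laravel_session) and a form with a hidden _token input.

# Print the value of the first hidden _token input in the HTML on stdin.
extract_token() {
  sed -n 's/.*name="_token"[^>]*value="\([^"]*\)".*/\1/p' | head -n 1
}

# Succeed if the curl (Netscape format) cookie jar on stdin holds cookie $1.
# HttpOnly cookies are stored as "#HttpOnly_<domain>", so match on field 6 only.
has_cookie() {
  awk -F'\t' -v name="$1" '$6 == name { found = 1 } END { exit !found }'
}

# Classify two consecutive loads made with one jar. Args: token1 token2 jar_file
verdict() {
  if [ -z "$1" ] || [ -z "$2" ]; then echo "no-token-in-page"
  elif ! has_cookie "${COOKIE_NAME:-laravel_session}" < "$3"; then
    echo "session-cookie-not-stored"
  elif [ "$1" = "$2" ]; then echo "token-stable"
  else echo "token-changed-between-loads"
  fi
}

# Load the form page twice, replaying cookies the way a browser would.
check_reload() {
  jar=$(mktemp)
  t1=$(curl -s -b "$jar" -c "$jar" "$1" | extract_token)
  t2=$(curl -s -b "$jar" -c "$jar" "$1" | extract_token)
  verdict "$t1" "$t2" "$jar"
  rm -f "$jar"
}

# Constructed sample data so the parsers can be exercised offline.
SAMPLE_HTML='<input type="hidden" id="_token" name="_token" value="constructedTokenAAAA">'
sample_jar() {
  printf '# Netscape HTTP Cookie File\n'
  printf '#HttpOnly_localhost\tFALSE\t/\tFALSE\t0\tlaravel_session\tconstructed\n'
}

# Network is used only when a (hypothetical) URL is given, e.g. CHECK_URL=http://localhost:8000/form
if [ -n "${CHECK_URL:-}" ]; then
  check_reload "$CHECK_URL"
else
  demo_jar=$(mktemp); sample_jar > "$demo_jar"
  tok=$(printf '%s\n' "$SAMPLE_HTML" | extract_token)
  verdict "$tok" "$tok" "$demo_jar"; rm -f "$demo_jar"
fi
```

A `token-changed-between-loads` result from a clean jar points at the server not keeping the session between requests, while `token-stable` from cURL alongside a failing browser points at cookies held by that browser.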
Jup, created an account to confirm this...
i literally have the exact same problem as OP when i run laravel in serve mode (w/o wamp) in chrome. After i read bashy's comment i switched out to Opera and sure enough no CSRF token problems. i don't know what the problem with Chrome is but i can't imagine it's stock chrome causing the problem, it probably is a chrome extension or setting :) will update when i find the problem.
UPDATE: Chrome in incognito mode does not appear to have the problem.
FIX UPDATE: I force cleared all data regarding my localhost laravel project (in chrome: settings -> show advanced settings -> Content settings -> Cookies (All cookies and site data...) -> filter on "localhost" (or whatever you setup to be the domain) -> hit the cross at the right to delete the entries).
At least, that's what fixed it for me, hope this helps.
(i am using Chrome Version 52.0.2743.82 m.)
Can u verify if this works for you ?
I am using Chrome Version 52.0.2743.82 m (64-bit)
what's with your posts coming up twice?
i don't know why they show up twice - it happens on another thread too. i'll try using another browser. but i'd be very interested in knowing why they are being posted twice.
Weirdly, it's the same reply ID... Like one and the other gets a thumbs up as well... Not your browser I don't think.
cc @JeffreyWay
Updated my post with potential fix.
Hi, i encountered the TokenMismatchException again and after going back and forth a few times i noticed it only gets thrown when i use the "remember me" function when logging in. when i clear this cookie (for example remember_web_59ba36addc2b2f9401580f014c7f58ea4e30989d) i am logged out and exception is gone. I have no idea how to start looking for a solution but maybe a more experienced developer can help us out :).
I am posting this from Firefox (all earlier posts were from Chrome) - let's see if this is also posted twice.
any updates @s_chahal
@tealiedie - been busy with other things the last few weeks, will revisit this later this week.
@tealiedie - these double posts are also a little bothersome - @bashy any updates why this may be happening? i'm posting this from a different computer and from a different browser - so am pretty sure this is not caused by something at my end.
btw @bashy - when i visit my Profile - i see these as single comments - the duplication is only happening on the forum.
@s_chahal It appears to be an issue with Laracasts in my eyes. Both the replies have the same ID.
@bashy - in that case i'd like to name it bugbug :)
I do that and it's working for me.
On my .env file:
```
CACHE_DRIVER=array
QUEUE_DRIVER=array
```
On my config/session.php file:
```
'driver' => env('SESSION_DRIVER', 'cookie'),
'lifetime' => 120,
'expire_on_close' => true,
'cookie' => 'XSRF-TOKEN',
'domain' => env('SESSION_DOMAIN', "!!!!!-- IMPORTANT PUT YOUR DOMAIN NAME HERE---!!!!!"),
```
1- Added this on my view/layout template as a head
```
<meta name="csrf-token" content="{{ csrf_token() }}">
```
2- After, in the same layout and before post.scripts
```
<script>
// Once the page has loaded, send the CSRF token from the meta tag with every jQuery AJAX request.
window.addEventListener("load", function load(event) {
    window.removeEventListener("load", load, false);
    $.ajaxSetup({headers: {'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')}});
}, false);
</script>
```
define header for my ajax request in all pages.
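- Add this on handler
```
// Inside the exception handler's render(); needs: use Illuminate\Session\TokenMismatchException;
if ($e instanceof TokenMismatchException) {
    // withErrors() expects key => message pairs
    return redirect()->route('login')->withErrors(['message' => 'Session expired, please Login again.']);
}
```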
- add
```
<input type="hidden" id="_token" name="_token" value="{{ csrf_token() }}">
```
as a hidden field to all my forms or at least one time for a blade if using ajax.
- send
```
data: {
    _token: $("#_token").val()
},
```
to all your AJAX CALL except GET.
good luck :).
@Luernes - i'll definitely try this out, but it seems like there's got to be a simpler way of doing this... i would expect the csrf_token to be part of the core of the framework and i'm really surprised that it requires this tweak to get it working.