Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hello,
Just curious how others here handle/prevent TokenMismatchException errors. I.e. the user leaves their desk for a bit, comes back, hits submit and then receives a nice error message.
Do you catch this exception and throw a custom error? Redirect back with input? Refresh the token behind the scenes so that it doesn't go stale? Etc.
It all depends on what YOU want your users to experience.
If they were editing something when they got the error then I'd show them the same page pre-filled with existing data - but not the input they submitted - with a nice message at the top. If they were adding something, then I'd just show an error message and display a blank page.
My preferred method is to have a pinging service via Vue-Resource. This will ping our backend every 60 seconds to regenerate the XSRF-TOKEN that is sent along on our requests. On this request, we do a check to see if the user is still authenticated. If they are not, the response sends back a 403, which prompts our users that their session has expired and they must reauthenticate with the application.
The modal we open allows them to log back in right then and there so that way they don't lose the data they are trying to submit.
Laravel Spark basically does the same thing, except users are redirected to the login page and run the risk of losing their data.
Please or to participate in this conversation.