nolros (Level 23)

L5 - CSRF Token Refresh Approach

All

I've noticed that for some reason you will sometimes get a CSRF token mismatch if you are already logged in and you attempt to auth again. The form generates a new token, but as you are logged in, the form's new token does not match the existing session token ID.

Also, a logout followed by a login will not work, as the form keeps the old token while your session now has the new token ... lol

Note that I have "guest" as middleware on the controller.

So I wonder if there is some sort of method to fix this. The only way I can think of is to remove all auth-related middleware checks for login and then, basically, check if the user is already authenticated; if so, log them out and then log them in. The problem is I don't think this works, as you need some sort of redirect to sync the tokens.

Ideas?

Middleware joy ... lol

/**
 * @Middleware("guest", except={"logout"})
 * @Controller(prefix="auth")
 */
class AuthController extends Controller {

    /// rest of controller logic

    /**
     * Handle a login request to the application.
     *
     * @Post("login", as="postAuthLogin")
     * @Middleware("csrf")
     *
     * @param LoginRequest $request
     * @return Redirect|\Illuminate\View\View
     */
    public function getLogin(LoginRequest $request)
    {
        // If a user is already authenticated, log them out before trying the
        // new credentials. (The original check was negated: it logged out
        // only when nobody was logged in.)
        if ($this->auth->check()) {
            $this->auth->logout();
        }

        $authAttempt = $this->auth->attempt($request->only('email', 'password'));

        /// rest of login
    }
}
0 likes
14 replies
Drfraker

Why not just not allow the login route for logged-in users? That way you avoid ever having the situation you are describing.

pmall

@nolros Everyone just only allows guests to log in, using the guest middleware. Stop trying to solve issues that don't exist ;)
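
What Drfraker and pmall are pointing at is the stock behaviour of Laravel's `guest` middleware alias. The class below is an added illustration written for this thread, not code from the original posts; it mirrors what Laravel 5.x's shipped `RedirectIfAuthenticated` does and assumes the alias `guest` is mapped to it in `app/Http/Kernel.php` and that `/home` is the landing page for signed-in users. With it on the login routes, an authenticated user never reaches the login form or its POST handler, so the "log out, then log in" path (whose session regeneration is what leaves the form holding a stale `_token`) never exists.

```php
<?php
// Added example for this thread (not the original poster's code). Assumptions:
// Laravel 5.x, this class registered as the "guest" alias in app/Http/Kernel.php,
// and "/home" as the post-login landing page.

namespace App\Http\Middleware;

use Closure;
use Illuminate\Contracts\Auth\Guard;

class RedirectIfAuthenticated
{
    /** @var Guard */
    protected $auth;

    public function __construct(Guard $auth)
    {
        $this->auth = $auth;
    }

    /**
     * Turn away anyone who already has an authenticated session.
     *
     * Because the check runs before the controller, the login action never
     * has to call logout() on a live session, so the token the form was
     * rendered with stays the token the session is checked against.
     */
    public function handle($request, Closure $next)
    {
        if ($this->auth->check()) {
            return redirect('/home');
        }

        return $next($request);
    }
}

// Route wiring (assumed file: routes.php on 5.0-5.2, routes/web.php on 5.3+):
// login is guest-only, logout is auth-only, so the two never share a request.
//
// Route::get('auth/login',  ['middleware' => 'guest', 'uses' => 'AuthController@getLogin']);
// Route::post('auth/login', ['middleware' => 'guest', 'uses' => 'AuthController@postLogin']);
// Route::get('auth/logout', ['middleware' => 'auth',  'uses' => 'AuthController@getLogout']);
```

The check that matters is the one on the POST route: protecting only the GET form still lets a second tab submit against a session that was regenerated in the meantime.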

nolros (Level 23)

@pmall This was 6 months ago :) I now know how Laravel actually works ... lol

1 like
nolros (Level 23)

@pmall @bashy @Drfraker The funny part of this is that I don't understand my own question. If I read that now on this forum I would be like, wtf is this guy asking?

I found myself a couple of weeks ago looking at some crappy code thinking "what the hell is this guy trying to do?", only to realize it was my own code.

The more I learn, the less I know, for some weird reason.

4 likes
madandhakal

@nolros You know how Laravel actually works, hmm... then please give me an answer?? I am getting "TokenMismatchException in VerifyCsrfToken.php line 46:" when I click the login button.

1 like
xloka

This solved the problem for me:

 <input type="hidden" name="_token" value="{{{ csrf_token() }}}" />
devlanga

@nolros Can you please answer this question for me.

I'm facing a strange problem: after the session timeout, if anyone tries to submit the form it states "TokenMismatchException in VerifyCsrfToken.php line 46",

but I have an auth check in the constructor and it's not redirecting to the logout/login page,

whereas whenever I refresh the same page it redirects properly. This problem only occurs once the page is submitted.

I know it's a bit stupid, but as a newbie I'm a bit stuck.

Snapey

@devlanga Don't leave the user on a page containing a form. Redirect them where possible to a page with no form. e.g., after logout.

devlanga

@snapey Glad to see your reply. Actually the problem is when anyone opens a form and doesn't submit it until the session timeout (120 min). After that time, if he tries to submit it, it gives "TokenMismatchException in VerifyCsrfToken.php line 46".

How can I resolve this issue, as initially he had a session there?

Snapey

@devlanga You have to catch the error and return the user to a fresh copy of the form (probably with an apology notice)

1 like
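
One way to do what Snapey describes, as an added example for this thread rather than code from any of the posters: catch the exception in the application's exception handler and send the user back to a fresh copy of the form. It assumes Laravel 5.x (where `TokenMismatchException` is thrown by `VerifyCsrfToken`, the class named in the error above), the default `App\Exceptions\Handler`, and a Blade view that reads the flashed `status` message. Because the redirect is to the same URL, the page re-renders with the `_token` of the new session, which is the only token the next submit can succeed with.

```php
<?php
// Added example for this thread (not the original posters' code). Assumptions:
// Laravel 5.x with the default App\Exceptions\Handler; views display the
// flashed "status" message near the form.

namespace App\Exceptions;

use Exception;
use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
use Illuminate\Session\TokenMismatchException;

class Handler extends ExceptionHandler
{
    /**
     * An expired session is expected noise, not a fault worth paging on.
     * (Assumption: you don't want every stale form in the error log.)
     */
    protected $dontReport = [
        TokenMismatchException::class,
    ];

    /**
     * Render an exception into an HTTP response.
     */
    public function render($request, Exception $e)
    {
        if ($e instanceof TokenMismatchException) {
            // The token in the POST no longer matches the session: the session
            // timed out, or was regenerated by a login/logout in another tab,
            // while this form sat open. Do not treat it as an attack; send the
            // user a fresh copy of the form with an apology.
            if ($request->ajax()) {
                // 419 is the status Laravel itself uses for "page expired";
                // JS callers can reload the page on it.
                return response()->json(
                    ['message' => 'Your session expired. Please reload the page and try again.'],
                    419
                );
            }

            return redirect()->back()
                // Repopulate harmless fields so the user does not retype them,
                // but never flash secrets or the dead token into the session.
                ->withInput($request->except(['password', 'password_confirmation', '_token']))
                ->with('status', 'Sorry, your session expired while the form was open. Please try again.');
        }

        return parent::render($request, $e);
    }
}
```

Two caveats: `redirect()->back()` relies on the `Referer` header, so if the form page may be opened without one, redirect to a known route instead; and the handler deliberately does not bypass the token check, only the unfriendly error page, so a genuine cross-site submission still fails.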
Cronix

Another option is a package like caffeine, which sends an ajax request every x minutes, which keeps the session alive. If your sessions are 2 hours long, you could have it send the request every hour which would make it so nothing timed out.

https://github.com/GeneaLabs/laravel-caffeine
