
_chris

TokenMismatchException with logout

Now that logout is a POST request instead of a GET request (in 5.3), if I try to log out after the session has expired I get a TokenMismatchException and am not logged out properly.

Although I prefer it to be a POST, maybe the logout doesn't require a CSRF token?

0 likes
6 replies
bestmomo

Hello,

You must now send a POST request with CSRF token.

```html
<form id="logout-form" action="{{ url('/logout') }}" method="POST">
    {{ csrf_field() }}
</form>
```
1 like
_chris

Yes, but if I log in to my site, then go out to the pub, then come back after 2 hours and try to log out, I get a TokenMismatchException. This exception stops me from logging out properly, so I have to navigate back, refresh the page, and log out again.

In practice this seems like a bit of an issue to me?

XavRsl
Best Answer

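Just got the same problem today. Easy fix, edit VerifyCsrfToken class:

```php
<?php

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;

class VerifyCsrfToken extends BaseVerifier
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        // CSRF verification is skipped for POST /logout
        '/logout'
    ];
}
```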
7 likes
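
An alternative that keeps CSRF verification on `/logout`, shown as an added example that is not part of any post in this thread: catch the failed token check for the logout route in the application's exception handler instead of excluding the route. It assumes the Laravel 5.3 `App\Exceptions\Handler` layout, a login page at `/login`, and a `status` flash key; only the `render` method is shown and it is meant to be merged into the existing handler.

```php
<?php

namespace App\Exceptions;

use Exception;
use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
use Illuminate\Session\TokenMismatchException;
use Illuminate\Support\Facades\Auth;

class Handler extends ExceptionHandler
{
    /**
     * Render an exception into an HTTP response.
     * (Merge this method into the existing handler class.)
     */
    public function render($request, Exception $exception)
    {
        // Only special-case a failed CSRF check on the logout route;
        // every other route keeps the framework's default behaviour.
        if ($exception instanceof TokenMismatchException && $request->is('logout')) {
            if (Auth::guest()) {
                // The session has expired, so nobody is logged in any more.
                // Assumption: the login page lives at /login.
                return redirect('/login');
            }

            // Still authenticated (for example through a "remember me"
            // cookie) but the form carried a stale token. Do not log the
            // user out here, because the request is unverified. Send them
            // back to a freshly rendered page whose logout form has a
            // valid token. The 'status' flash key is an assumption.
            return redirect()->back()
                ->with('status', 'Your session expired. Please log out again.');
        }

        return parent::render($request, $exception);
    }
}
```

With this in place a cross-site POST to `/logout` still fails the token check and cannot end a live session, while a user whose session has already expired lands on the login page instead of an error page.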
