Hesto's avatar

After some AJAX requests TokenMismatchException

Hello, I have a problem with the token. When I post data with AJAX, sometimes I get a TokenMismatchException (of course I add the token to the AJAX data). The number of requests after which the mismatch occurs is random. When I reload the page, everything works fine again until the next token mismatch.

I use AJAX requests to add and delete rows in a table.

Why do I have that problem? Does the token expire after some number of requests?

Laravel 5.2.14

dmitov's avatar

Hello @Hesto,

How do you make those AJAX calls, can you give us a bit more description? Is there any middleware involved?

Post some code here, so we can help you.

Hesto's avatar

Thank you for the answer. I didn't make my own middleware.

$.ajax({
    url: '/api/products/' + product + '/detach-project-template',
    type: 'post',
    data: {_token: token, template_id: template},
    success: function (msg) {
        $.smallBox({
            title : "Szablon usunięty z produktu",
            content : "Usuwanie powiodło się",
            color : "#73AD21",
            timeout: 3000,
            icon : "fa fa-trash swing animated"
        });

        otable.ajax.reload();
        otable1.ajax.reload();

        $('#prodcut-templates-count').html(msg);
    }
});

So when I try to delete a row from the table and then refresh the tables to fetch updated content, the token mismatch appears after a random number of requests without any reason. I checked it and the token really changes its value. But...

$.ajax({
    url: '/api/products/' + product + '/detach-project-template',
    type: 'post',
    data: {_token: token, template_id: template},
    success: function (msg) {
        $.smallBox({
            title : "Szablon usunięty z produktu",
            content : "Usuwanie powiodło się",
            color : "#73AD21",
            timeout: 3000,
            icon : "fa fa-trash swing animated"
        });

        row.remove();
        otable1.row.add( rowNode ).draw();

        $('#prodcut-templates-count').html(msg);
    }
});

When I delete a row from the table and, instead of refreshing the AJAX content, I remove the row from the table and add it to the second table, it always works, I believe. It's hard to test because with this solution I make 2/3 fewer requests, which is even better than the first solution. But what if the token mismatch occurs after maybe 50 requests? It could be a bug, or maybe Laravel protects me from "lazy, bad solutions"? I don't know, but I would like to know the answer.

Hesto's avatar

Header setup didn't make any difference, but anyway it's a better solution.

I read the discussion and the problem is the same, but there is no good answer. I like the answer that it's a server configuration problem (I develop on localhost), but I would like to fix it and I don't know how. I read that people make another request after AJAX requests to fetch the current token, but I think it's a really bad idea. Other people just turn CSRF off. I hope there is a way to keep the current token longer. By the way, I don't understand the idea of changing the token during a session; it's annoying.

robgeorgeuk's avatar

If possible, try using Homestead; that should confirm/eliminate any problems with localhost.

thomaskim's avatar

@Hesto If you are running a thread-safe version of PHP, I don't think there is a fix for this (not 100% sure on that though). Basically, if a URL is called before the previous one is finished, you will run into this issue where the environment variables reset. Try running php artisan config:cache though. I think it's helped in similar situations in the past. Just a note that if you do this and you want to alter your configurations, you need to run php artisan config:clear so you probably don't want to run these commands until you deploy your app.

Hesto's avatar

@robgeorgeuk I can't work on Homestead atm. But thanks for the idea, I'll test it on the final server soon. I believe @thomaskim is right about my issue. I will test it and I'll give you feedback to help others in the future, because it's hard to find the answer about this issue on the internet.

kaju74's avatar

Hi.

Not sure if this helps, but I always include token setup in my app.js like this:

/* Setup ajax token */
$.ajaxSetup({
    headers: {'X-CSRF-Token': $('meta[name=_token]').attr('content')}
});

Oops, this part was linked above - sorry for double posting...

Regards, kaju
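
A variation on the header setup posted above, as an added example that is not part of the thread: a global `$.ajaxSetup` header is attached to every jQuery request, including cross-origin ones, so this version reads the meta tag at send time and adds the token only to same-origin, state-changing requests. The helper name `csrfHeadersFor` is hypothetical; the `meta[name=_token]` selector and the `X-CSRF-Token` header name are the ones from the post.

```javascript
// Added example. Methods that Laravel's CSRF middleware treats as reads.
const READ_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Returns the headers to add to one request.
// pageOrigin is the origin of the current page, e.g. window.location.origin.
function csrfHeadersFor(method, url, pageOrigin, token) {
    const verb = String(method || 'GET').toUpperCase();
    if (READ_METHODS.has(verb)) return {};   // reads are not CSRF-checked
    if (!token) return {};                   // no token on the page: send nothing
    try {
        const page = new URL(pageOrigin);
        const target = new URL(url, page);   // resolves relative URLs like '/api/...'
        // Never hand the session's CSRF token to another origin.
        if (target.origin !== page.origin) return {};
    } catch (e) {
        return {};                           // unparseable URL: fail closed
    }
    return { 'X-CSRF-Token': token };
}

// Browser wiring for jQuery; skipped when the file is run outside a page.
if (typeof window !== 'undefined' && window.jQuery) {
    window.jQuery.ajaxPrefilter(function (options, originalOptions, jqXHR) {
        // Read the meta tag for each request instead of once at page load.
        const token = window.jQuery('meta[name=_token]').attr('content');
        const headers = csrfHeadersFor(
            options.type, options.url, window.location.origin, token);
        Object.keys(headers).forEach(function (name) {
            jqXHR.setRequestHeader(name, headers[name]);
        });
    });
}
```
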
