
babai9's avatar
Level 1

How to redirect to a route on 419 page expired Laravel 11

When I was using Laravel 10, in exceptions->Handler.php, I used to use this code and it used to work at that time.

$this->renderable(function (\Exception $e) {
    if ($e->getPrevious() instanceof \Illuminate\Session\TokenMismatchException) {
        return redirect()->back();
    };
});

But as in Laravel 11 there is no handler.php, I went through the docs and found you need to write exception code in bootstrap->app.php. Now I am doing this, but the 419 page is not getting redirected back.

->withExceptions(function (Exceptions $exceptions) {
    //
    $exceptions->renderable(function (\Illuminate\Session\TokenMismatchException $e) {
        return redirect()->back();
    });
})->create();

But this does not work, please let me know what I am doing wrong.

0 likes
5 replies
babai9's avatar
babai9
OP
Best Answer
Level 1

Sorry, it's my bad, I solved it by doing this.

->withExceptions(function (Exceptions $exceptions) {
    //
    $exceptions->renderable(function (\Exception $e) {
        if ($e->getPrevious() instanceof \Illuminate\Session\TokenMismatchException) {
            return redirect()->back();
        };
    });
})->create();
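Why the callback typed on TokenMismatchException never fires while the getPrevious() check does, shown as an added example that is not part of the thread: the framework wraps TokenMismatchException in an HttpException with status 419 before render callbacks run, so a callback can be typed on HttpException and check the status code. The `form` error key and the list of excluded input fields are assumptions; adjust them to your forms.

```php
<?php
// bootstrap/app.php (Laravel 11) -- added example, not code from the thread.

use Illuminate\Foundation\Application;
use Illuminate\Foundation\Configuration\Exceptions;
use Illuminate\Foundation\Configuration\Middleware;
use Illuminate\Http\Request;
use Symfony\Component\HttpKernel\Exception\HttpException;

return Application::configure(basePath: dirname(__DIR__))
    ->withRouting(
        web: __DIR__.'/../routes/web.php',
        commands: __DIR__.'/../routes/console.php',
        health: '/up',
    )
    ->withMiddleware(function (Middleware $middleware) {
        //
    })
    ->withExceptions(function (Exceptions $exceptions) {
        // By the time render callbacks run, the CSRF failure is an
        // HttpException(419) whose getPrevious() is the TokenMismatchException.
        $exceptions->render(function (HttpException $e, Request $request) {
            if ($e->getStatusCode() !== 419) {
                return null; // not a CSRF expiry: fall through to default rendering
            }

            // API / AJAX clients get a JSON 419 instead of an HTML redirect.
            if ($request->expectsJson()) {
                return response()->json(['message' => 'Page expired.'], 419);
            }

            // Going back re-renders the form with a fresh token. Keep the
            // user's input, but never flash secrets or the stale token.
            // Field names below are assumptions.
            return redirect()->back()
                ->withInput($request->except(['password', 'password_confirmation', '_token']))
                ->withErrors(['form' => 'Your session expired. Please submit the form again.']);
        });
    })->create();
```

The request is still rejected: the redirect only replaces the 419 page, and the user has to resubmit with the new token.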

Snapey's avatar

Don't your users get annoyed at filling in a form only for it to reset when they press submit?

1 like
babai9's avatar
Level 1

@Snapey No, this will only happen to them if they keep the login page idle for more than 2 hrs; then the page will get reloaded with meta refresh at first, and for further protection it will reload as a second option. I followed your guide over here:

  1. https://talltips.novate.co.uk/laravel/csrf-and-expired-login-forms
  2. https://talltips.novate.co.uk/laravel/csrf-and-expired-logout-forms

I am just not able to use the code mentioned over here for app/Http/Middleware/VerifyCsrfToken.php; as you know, in Laravel 11 there is no such VerifyCsrfToken in middleware, although you can use it in bootstrap->app.php, but I was wondering how to use the handle function code. Can you please guide me over here?

Snapey's avatar

@babai9 I think I have a solution for Laravel 11.

Please note that this solution is not necessary for the Livewire starter kits as the logout is handled by Livewire.

Create a new middleware class that extends the framework VerifyCsrfToken middleware

<?php

namespace App\Http\Middleware;

use Closure;
use Symfony\Component\HttpFoundation\Response;
use Illuminate\Foundation\Http\Middleware\ValidateCsrfToken;
use Illuminate\Support\Facades\Auth;

class CheckCsrf extends ValidateCsrfToken
{

    protected $except = [
        // other routes that need excepting
        'stripe/*',
    ];

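    public function handle($request, Closure $next): Response
    {
        // Only the logout route gets special treatment.
        if ($request->route()->named('logout')) {
            // The session has already expired (no user), or the user was
            // restored from the remember-me cookie: the form's token is
            // stale, so skip CSRF validation for this logout request only.
            if (!Auth::check() || Auth::guard()->viaRemember()) {
                $this->except[] = 'logout';
            }
        }

        // Every other request goes through the normal CSRF check.
        return parent::handle($request, $next);
    }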
}

Then in bootstrap/app.php:

    ->withMiddleware(function (Middleware $middleware) {
        $middleware->web(replace: [
            Illuminate\Foundation\Http\Middleware\ValidateCsrfToken::class =>
                App\Http\Middleware\CheckCsrf::class]);
    })

This tells the app to swap out the framework CSRF validation for ours so that we can add the logic needed to the handle function.

1 like
babai9's avatar
Level 1

@Snapey Yeah, I too was thinking about replacing the default one. Thanks, it can help me.
