Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

binggle's avatar

how to redirect to login page when 419 error

Hi.

How can I redirect to another route ( login ) when 419 error happens ?

0 likes
15 replies
binggle's avatar

Thanks for reply.

But I need error handler in laravel 8 . not previous version.

Thanks.

Nakov's avatar

@binggle this worked for me on Laravel 8:

in your App\Exceptions\Handler.php class, within the register() method, add the following:

$this->renderable(function (\Exception $e) {
    if ($e->getPrevious() instanceof \Illuminate\Session\TokenMismatchException) {
        return redirect()->route('login');
    };
});
7 likes
DivDax's avatar

I would not redirect to the login page. 419 only means the csrf token is invalid, so a new login isn't required. Why not just do a

back()
	->withInput(request()->except('_token'))
	->withError('Invalid token. Please submit the form again');
2 likes
binggle's avatar

Actually 419 error happens even when user logout.

'logout' uses csrf token too..

And usual form submit requires csrf token too.

So it is everywhere, and that's why I want to customize error handler.

Thanks.

martinbean's avatar

@binggle No. Like previously mentioned, you get a 419 error when the CSRF token has expired. It does not mean the user’s session has expired.

If you try and redirect a user to the login page when they’re actually still logged in, then you’re going to end in a redirect loop.

3 likes
binggle's avatar

You gave me the important point..

I must not redirect to 'login' route for the shake of CSRF Token.

Yep. Thank you so much.

1 like
jlrdw's avatar

@binggle make sure your session is persisting (working), you shouldn't be getting a 419 on logout unless something was modified.

Logout uses a form that's submitted with plain javascript.

        <form method="POST" action="{{ route('logout') }}">
                    @csrf

                    <x-responsive-nav-link href="{{ route('logout') }}"
                            onclick="event.preventDefault();
                                        this.closest('form').submit();">
                        {{ __('Logout') }}
                    </x-responsive-nav-link>
        </form>

Also make sure you didn't change something, and check session by setting something like this is a test in session, go to another page and see if you can get that test from session.

2 likes
massel's avatar

@Snapey Thank Snapey should what are the implications if we implement both solutions. ?? Thanks

1 like

Please or to participate in this conversation.