Laravel csrf session timeout

Hi,

For registering visitors at our company I've create a Laravel app. The registration form is displayed all day long. Sometimes it causes a csrf token mismatch on submit.

Is there any solution for this?

RamjithAp

8 years ago

Level 10

A workaround for it is to actually get the new token every certain time. otherwise, you are defeating the purpose of the csrf token:

<html>
    <head>
        <meta name="csrf_token" content="{{ csrf_token() }}">
    </head>
    <body>
        <script type="text/javascript">
            var csrfToken = $('[name="csrf_token"]').attr('content');

            setInterval(refreshToken, 3600000); // 1 hour 

            function refreshToken(){
                $.get('refresh-csrf').done(function(data){
                    csrfToken = data; // the new token
                });
            }

            setInterval(refreshToken, 3600000); // 1 hour 

        </script>
    </body>
</html>

In laravel routes

Route::get('refresh-csrf', function(){
    return csrf_token();
});

mbachmann

8 years ago

Level 1

Did you take a look at the following threads ? https://laracasts.com/discuss/channels/general-discussion/session-lifetime-timeout-and-csrf-token-mismatch https://laracasts.com/discuss/channels/general-discussion/crsf-checked-before-auth?page=1

Please or to participate in this conversation.