Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

yigitozmen's avatar

TokenMismatch when back to form and resubmit.

When i post the form then back to the form and resubmit it i get tokenmismatchexception. how can i fix this? thank.

0 likes
13 replies
SaeedPrez's avatar

@yigitozmen why don't you remove the VerifyCsrfToken middleware all together because visitors may use the back button on any form really.

SaeedPrez's avatar

Jokes aside,.. why would any visitor use the back button if you redirect them back to the form as @jlrdw suggested?

jlrdw's avatar

@yigitozmen you really need the csrf if a form is being submitted. Take the time to learn correct security. There are videos on that, some free.

yigitozmen's avatar

It's not about only validation fails. Suppose that a user will search some book in shop. so will fill the inputs according to wishes and post the form and then according to responsed data something will be listed. Maybe user will want to back to previous page and re-search something.

jekinney's avatar

You can catch a csrf mismatch error and handle how ever you need. But it's definitely not a good idea to disable it.

yigitozmen's avatar

by the way, why do i need csrf protection if i only search?

yigitozmen's avatar

Thank you. i will read the page.

By the way, user will enter some data to the form (city, start date, end date etc..) and some books will be listed. I am doing this form with post request. When post request responsed something, i put them in session and redirect to get method and create a view. Am i wrong? If i use get request user will see query string and i don't want it too.

Snapey's avatar

If its a search page, you don't need to use csrf.

Only forms that modify data need protection.

Please or to participate in this conversation.