Level 2
bump?
Feb 14, 2017
3
Level 2
TokenMismatchException, Can I get more info regarding the error?
Using csrf seems to be working well, but I do see a lot of TokenMismatchException entries in the log.
I would like to know more about the errors such as the users IP, route, etc, to try and determine if the error is doing it's job (and therefore further investigation can be done by checking the IP) or if the error is from legitimate users where I may need to make changes to the way sessions are handled etc.
Any way to get more information on such errors? Thanks!
Level 6
In app/Exceptions/Handler.php, you can add in some code to the render() function. Here's a quick example..
/**
* Render an exception into an HTTP response.
*
* @param \Illuminate\Http\Request $request
* @param \Exception $e
*
* @return \Illuminate\Http\Response
*/
public function render($request, Exception $e)
{
if ($e instanceof \Illuminate\Session\TokenMismatchException) {
\Log::info('Token mismatch', [
'url' => $request->getUri(),
'ip' => $request->getClientIp(),
'user' => (\Auth::check() ? \Auth::getUser()->id : null)
]);
}
// ...
}
You can obviously catch all sorts of other exceptions in here, but this is probably a good starting point
Level 122
Also consider your forms. There is no need to have csrf on a login form, and if that form is on your home page, or when users log out you return them to the login form, then when they come back some time later and fill in the form and press submit you will get a csrf error and they will see an error and have t login again.
Either push them to a different (non-form) page or disable csrf on login form
Please or to participate in this conversation.