
Swaz's avatar
Level 20

[L5] Check if session expired

Is there a way I can check if a user's session has expired? Then redirect to the login page.

If I stay logged in overnight and refresh the page, I get a TokenMismatchException but I don't want to catch that, because that is the same error you get when posting a form with a bad token.

0 likes
19 replies
bashy's avatar

Not sure why that would throw the same exception... So that's session expire yeah?

bashy's avatar

Not sure if that's entirely related...

bobbybouwmann's avatar

That's why I said if I wasn't sure if it would help him.. I can't find anything else on this subject and I can't recreate it..

bashy's avatar

Sounds a bit weird... session expire would hit the middleware and redirect to login anyway...right?

1 like
Swaz's avatar
Level 20

@bashy That is the behaviour I get when I set the session to expire after 1 minute, and then refresh. I will watch carefully for it to happen again and take note of any additional information I can provide.

This is happening on an iPad (mobile safari) btw. I log in, and go to whatever page, then I charge the iPad overnight, and when I go back to the site in the morning, I sometimes get the error. It kind of looks like the page is automatically refreshing when the browser opens up.

bashy's avatar

@Swaz Whenever I do that, it redirects me to the login page. Does the area require login/auth? I can't see how the TokenMismatch exception would be thrown if it's just session. You shouldn't need the token just to view a page.

Swaz's avatar
Level 20

@bashy Yea, it's a page that requires you to be authenticated.

alenabdula's avatar

Just a wild guess, maybe do composer dump-autoload and/or clear any application cache. Also clear the device cache.

Snapey's avatar

I think I'm having the same issue. If you guys think not, then I will create a new thread.

There is possibly a situation where the session has not expired but the token has?

So, the user has logged in and is looking at a page with a form. Imagine this form is to create a new topic for instance. Several hours pass and they still have that form on the screen. Now they come back and fill in the form and press submit. The application then throws a TokenMismatchException.

How can this be handled gracefully?

Or, if the session has also expired... the route for the page uses Route::group(array('middleware' => 'auth'). Is this run after csrf validation?

bashy's avatar

@Snapey I'm not sure in what order they're executed but I would think it's top to bottom in the middleware array list? That is expected behaviour by the way. Token only has a small lifetime so it's not used for too long.

Swaz's avatar
Level 20

This is happening to me without hitting submit. It's when I'm signed in, and the mobile browser opens up after a few hours of being closed. It happened again this morning, the error is:

ErrorException in RouteServiceProvider.php line 33:
Trying to get property on non-object

Swaz's avatar
Level 20

Yes, that file. I have a route model binding on that line:

// app/Providers/RouteServiceProvider.php
$router->bind('project', function($id)
{
    return Auth::user()->company->projects()->findOrFail($id);
});

SachinAgarwal's avatar

If I'm not wrong, it should be like this

return Auth::user()->company()->projects()->findOrFail($id);

SachinAgarwal's avatar
Level 21

@Swaz Ok so you are getting this error because you don't have any logged-in user. Try this

$router->bind('project', function($id)
{
    if (Auth::check()) {
        return Auth::user()->company->projects()->findOrFail($id);
    }
    return redirect('/');
});

Swaz's avatar
Level 20

@SachinAgarwal Shouldn't the middleware be detecting if I am authenticated? Or does RouteServiceProvider get hit before the middleware?

SachinAgarwal's avatar

Logically, middleware is supposed to hit first.
Check once whether your middleware is registered in Http\Kernel.php.
Also check that you applied the correct middleware and in the correct place. (Case sensitivity matters.)
If everything is fine, then try that logic once.
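
Added example, not part of the thread and not any poster's code: a `project` binding that fails closed when no user is authenticated, instead of dereferencing a null user as in the `RouteServiceProvider.php line 33` error above. It assumes the stock Laravel 5.0-style provider layout and the `company`/`projects` relations shown in the thread; the 401/403 status choices are this example's assumption.

```php
<?php
// app/Providers/RouteServiceProvider.php
// Added example; assumes the default Laravel 5.0-style provider skeleton.

namespace App\Providers;

use Illuminate\Routing\Router;
use Illuminate\Support\Facades\Auth;
use Illuminate\Foundation\Support\Providers\RouteServiceProvider as ServiceProvider;

class RouteServiceProvider extends ServiceProvider
{
    protected $namespace = 'App\Http\Controllers';

    public function boot(Router $router)
    {
        parent::boot($router);

        $router->bind('project', function ($id) {
            $user = Auth::user();

            // The thread's error shows this closure running with no logged-in
            // user (expired session), so stop here rather than touch null.
            if ($user === null) {
                abort(401);
            }

            // A user without a company has no projects it may see (assumption).
            if ($user->company === null) {
                abort(403);
            }

            // Always resolve through the user's own company so a guessed id
            // cannot load a project that belongs to someone else.
            return $user->company->projects()->findOrFail($id);
        });
    }

    public function map(Router $router)
    {
        $router->group(['namespace' => $this->namespace], function ($router) {
            require app_path('Http/routes.php');
        });
    }
}
```

The 401 raised here can be mapped to a redirect to the login page in the application's exception handler, which keeps it separate from the `TokenMismatchException` raised for a bad form token.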
