jpeterson579

Getting tokenMismatchException only when going directly to form's page?

I am getting a tokenMismatchException when submitting a register account form on my site...

It seems to only be happening after I clear my cache/history and navigate directly to the form page: http://localhost:8888/laravel/public/account/create

If I then refresh the page or navigate to the create account page from another page on the site... the form works and there is no token error....

Anyone have a clue on what's happening here?

jpeterson579

@RachidLaasri

create.blade:

@extends('layout.main')

@section('content')
<div class="form-container">
    <form autocomplete="off" class="form-signin" action="{{ URL::route('account-create-post') }}" method="post">
        <div class="form-field brand">
            <h3>Create an Account</h3>
            <br>
        </div>
        
        <div class="form-field">
            <input placeholder="Enter your Email" type="text" name="email"{{ (Input::old('email')) ? ' value="' . e(Input::old('email')) . '"' : '' }}>
            @if($errors->has('email'))
                {{ $errors->first('email') }}
            @endif
        </div>
        
        <div class="form-field">
            <input placeholder="Enter a Username" type="text" name="username"{{ (Input::old('username')) ? ' value="' . e(Input::old('username')) . '"' : '' }}>
            @if($errors->has('username'))
                {{ $errors->first('username') }}
            @endif
        </div>
        
        <div class="form-field">
            <input placeholder="Choose Password" type="password" name="password">
            @if($errors->has('password'))
                {{ $errors->first('password') }}
            @endif
        </div>
        
        <div class="form-field">
            <input placeholder="Retype Password" type="password" name="password_again">
            @if($errors->has('password_again'))
                {{ $errors->first('password_again') }}
            @endif
        </div>
            
        
        <input class="btn btn-large btn-primary" type="submit" value="Create Account">
        {{ Form::token() }}
    </form>
</div>
@stop

Route:

/* Unauthenticated/GUEST group (stuff to do if user is logged out)*/
Route::group(array('before' => 'guest'), function() {
    
    /* Cross Site Request Forgery protection */
    Route::group(array('before' => 'csrf'), function() {
    
        /* Create Account (POST) */
        Route::post('/account/create', array(
            'as' => 'account-create-post',
            'uses' => 'AccountController@postCreate'
        ));
                
    });
});
jpeterson579

Here is the error:

Illuminate \ Session \ TokenMismatchException
     /Applications/MAMP/htdocs/laravel/app/filters.php

    |
    */
     
    Route::filter('csrf', function()
    {
        if (Session::token() != Input::get('_token'))
        {
            throw new Illuminate\Session\TokenMismatchException;
        }
    });
usman

@jpeterson579 It is the default behaviour. Laravel uses sessions to identify the token on the server side. When you clear the history, it is impossible for the server to retrieve the token and match it against the token submitted with the form, hence the exception.

jpeterson579

@usman Thank you for the reply. Just to clarify, I am not clearing the cache/history once I am already on the register page and before I hit the submit button.

Think of it this way.. I want to send a link to a friend that directly goes to my register page. He has never been to the site. So he clicks on the link, fills out the register form, and then clicks submit. This throws the TokenMismatchException...

From what you're saying, this is normal Laravel behavior? Therefore I cannot send out an invite that links directly to the register page?
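The session-bound token check discussed in this thread, modelled as an added example that is not part of any post above and is not Laravel's own code. `SessionStore`, `renderForm()` and `submitForm()` are hypothetical names, the cookie and token values are constructed, and the comparison uses `hash_equals()` in place of the `!=` in the filter shown earlier.

```php
<?php
// Added illustration: a minimal in-memory model of a session-bound CSRF token.
// SessionStore, renderForm() and submitForm() are hypothetical, not Laravel APIs.

final class SessionStore
{
    private $sessions = array();

    // Return [sessionId, token]; start a fresh session when the cookie
    // is missing or does not match a session the server still holds.
    public function load($cookie)
    {
        if ($cookie === null || !isset($this->sessions[$cookie])) {
            $cookie = bin2hex(random_bytes(16));
            $this->sessions[$cookie] = bin2hex(random_bytes(20));
        }
        return array($cookie, $this->sessions[$cookie]);
    }
}

// GET of the form page: yields the session cookie and the hidden _token value.
function renderForm(SessionStore $store, $cookie = null)
{
    list($id, $token) = $store->load($cookie);
    return array('cookie' => $id, '_token' => $token);
}

// POST of the form: compare the submitted token with the one stored for the
// session named by the cookie, using a strict, constant-time comparison.
function submitForm(SessionStore $store, $cookie, $submitted)
{
    list(, $expected) = $store->load($cookie);
    return is_string($submitted) && hash_equals($expected, $submitted);
}

$store = new SessionStore();

// Case 1: first-ever visit lands on the form; the browser returns the cookie.
$page = renderForm($store);
var_dump(submitForm($store, $page['cookie'], $page['_token']));

// Case 2: the cookie set by the GET is not sent back with the POST.
$page = renderForm($store);
var_dump(submitForm($store, null, $page['_token']));

// Case 3: the cookie names a session the server no longer has (constructed id).
$page = renderForm($store);
var_dump(submitForm($store, 'constructed-stale-id', $page['_token']));
```

Only case 1 passes the check. When debugging a mismatch like the one reported here, compare the session cookie the browser receives on the GET with the one it sends on the POST.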
