Laravel 4 authentication token doesn't match

Question

In the filters file I have the following:

Route::filter('auth', function()
{
    if (Auth::guest()) return Redirect::to('user/login');
});

These are the routes I have in my routes.php file:

Route::group(['before' => 'auth'], function ()
{
    Route::resource('section', 'SectionController');
    Route::resource('article', 'ArticleController');
});

Route::controller('user', 'UserController');

the UserController is where the action takes place. Inside the UserController this method handles the login form post which is standard Laravel blade template, no package in use:

Blade file:

    {{ Form::open(['url' => 'user/signin']) }}
{{ Form::token() }}
    <div class="form-group">
        <label>{{ trans('user.email') }}</label>
        <input type="email" name="email" value="" class="form-control">
    </div>

    <div class="form-group">
        <label>{{ trans('user.password') }}</label>
        <input type="password" name="password" value="" class="form-control">
    </div>

    <input type="submit" class="btn btn-primary" value="{{ trans('login') }}">
                {{ Form::close() }}

and this is the UserController post action:

public function postSignin()
{
    //
    if (Auth::attempt(['email' => Input::get('email'), 'password' => Input::get('password')]))
    {
        return Auth::user()->email;
    }
    else
    {
        return Redirect::to('user/login')->with('message', trans('login.failure'));
    }
}

and this is the migration file I use:

public function up()
{
    //
    Schema::create('users', function ($table) {
        $table->increments('id');
        $table->string('email', 16)->unique();
        $table->string('password', 255);
        $table->timestamps();
    });
}

But when I login, I get an exception:

Illuminate \ Session \ TokenMismatchException

thrown in the filters.php file:

Route::filter('csrf', function()
{
    if (Session::token() != Input::get('_token'))
    {
        throw new Illuminate\Session\TokenMismatchException;
    }
});

What am I doing wrong? Does Auth::attempt Hash the password? it is Hashed in the Seeder I use to generate the root user. When I dump the Session::token() it's identical to my Form::token() but still, the TokenMismatchException is thrown within the filters.php file.

Update I disabled the csrf filter in order to be able to actually see the tokens. The two tokens Session::token() and Form::token() are identical before I submit the form, I checked this by looking at the HTML source code. When I submit the form and and dump the tokens using dd() inside my postSignin method the Session::token() has changed. It is no longer identical to the Session::token() seen in the HTML source code.

return array(
    'driver' => 'array',
);

Session config in local folder.

Answer 1

After more fiddling around I realized the solution was to hash the password. In Laravel 4.1 passwords have to be hashed in order for Auth to work.

Adding a hash to the password in the DB seeder, I can log in

Answer 2

FYI - this is not an auth issue - it has nothing to do with login authentication.

This relates to a CSRF token, due to the form submission. Somewhere in your code, you must be calling the CSRF filter.

Adding this to your form should solve the problem:

{{ Form::open(['url' => 'user/signin']) }}
    {{ Form::token() }}

    ....  /// rest of form stuff here 

{{ Form::close() }}

edit: make sure your session configuration is also correct. If it is set to 'array' it will not work. It should be 'file' or some other option.