sumit

Reputation: 15464

token mismatch exception - laravel auth

I have the following routes

Route::controller('users', 'UsersController');

Controllers

class UsersController extends BaseController {
    protected $layout = "layouts.login";

    public function __construct() {
        $this->beforeFilter('csrf', array('on'=>'post'));
        $this->beforeFilter('auth', array('only'=>array('getDashboard')));
    }


    public function getRegister() {
        $this->layout->content = View::make('users.register');
    }


    public function logout() {
        Auth::logout();
        return Redirect::to('users/login')
        ->with('message', 'Good Bye')
        ->withInput();
    }

    public function getLogin() {
        $this->layout->content = View::make('users.login');
    }

    public function postSignin() {
        if (Auth::attempt(array('email'=>Input::get('email'), 'password'=>Input::get('password'),'role'=>'admin'))) {
            return Redirect::to('mix/dashboard')->with('message', 'You are now logged in!');
        } else {
            return Redirect::to('users/login')
                ->with('message', 'Your username/password combination was incorrect')
                ->withInput();
        }
    }

    public function postCreate() {
        $validator = Validator::make(Input::all(), User::$rules);

        if ($validator->passes()) {
            // validation has passed, save user in DB
            $user = new User;
            $user->firstname = Input::get('firstname');
            $user->lastname = Input::get('lastname');
            $user->email = Input::get('email');
            $user->password = Hash::make(Input::get('password'));
            $user->save();

            return Redirect::to('users/login')->with('message', 'Thanks for registering!');

        } else {
            // validation has failed, display error messages    
            return Redirect::to('users/register')->with('message', 'The following errors occurred')->withErrors($validator)->withInput();

        }
    }


}

view

<div class="login-body">
<h2>SIGN IN</h2>
<form method="post" action="{{Request::root()}}/users/Signin">


    <div class="control-group">
        <div class="email controls">
        {{ Form::text('email', null, array('class'=>'input-block-level', 'placeholder'=>'Email Address', 'data-rule-required'=>'true' ,'data-rule-email'=>'true')) }}
        </div>
    </div>  
    <div class="control-group">
        <div class="pw controls">
            {{ Form::password('password', array('class'=>'input-block-level', 'placeholder'=>'Password','data-rule-required'=>'true')) }}
            <input type="hidden" name="_token" value="<?php echo csrf_token(); ?>">
        </div>
    </div>
   <div class="submit">
    <div class="remember">
        <input type="checkbox" name="remember" class='icheck-me' data-skin="square" data-color="blue" id="remember"> <label for="remember">Remember me</label>
    </div>
    {{ Form::submit('Login', array('class'=>'btn btn-primary'))}}

{{ Form::close() }}

<div class="forget">
                <a href="#"><span>Forgot password?</span></a>
            </div>
        </div>

Whenever I try to log in, it shows a tokenmismatch exception error and shows the following lines of filter.php

Route::filter('csrf', function()
{
    if (Session::token() != Input::get('_token'))
    {
        throw new Illuminate\Session\TokenMismatchException;
    }
});

I have been clueless for the past three days...

Worst is that this error came automatically; it was working fine earlier. I did not make any changes at all!

Upvotes: 1

Views: 1673

Answers (3)

sumit

Reputation: 15464

It was a client-side issue.

I just deleted cookies and then it started working.

Upvotes: 1
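
A minimal model of what the csrf filter compares and why a changed session cookie yields the mismatch, consistent with the cookie fix above. This is an added example, not code from the question or answers: `SessionStore` and `csrfMatches` are hypothetical names, the session ids and tokens are constructed at run time, and the check uses `hash_equals` with explicit string checks instead of the loose `!=` in the filter.

```php
<?php
// Added illustration in plain PHP (no Laravel). SessionStore and csrfMatches
// are hypothetical stand-ins for the session backend and the 'csrf' filter.
final class SessionStore
{
    private array $sessions = [];

    // New session: the id goes to the browser as a cookie, the token stays server-side.
    public function start(): string
    {
        $id = bin2hex(random_bytes(16));
        $this->sessions[$id] = ['_token' => bin2hex(random_bytes(20))];
        return $id;
    }

    // Token bound to the session the cookie points at, or null if there is none.
    public function token(?string $cookie): ?string
    {
        return $this->sessions[$cookie ?? '']['_token'] ?? null;
    }
}

// Strict check: both sides must be non-empty strings, compared in constant time.
// A loose != would treat two missing (null) values as equal and let the request through.
function csrfMatches(?string $sessionToken, $submitted): bool
{
    if (!is_string($sessionToken) || $sessionToken === '' || !is_string($submitted)) {
        return false;
    }
    return hash_equals($sessionToken, $submitted);
}

$store = new SessionStore();
$cookieA = $store->start();            // GET users/login under session A
$formToken = $store->token($cookieA);  // value rendered into the hidden _token field
$cookieB = $store->start();            // constructed case: browser ends up presenting another session

$cases = [
    'same session cookie'      => [$cookieA, $formToken],
    'different session cookie' => [$cookieB, $formToken],
    'unknown cookie, no token' => ['stale-cookie-value', null],
];
foreach ($cases as $label => [$cookie, $submitted]) {
    $ok = csrfMatches($store->token($cookie), $submitted);
    echo str_pad($label, 26), $ok ? 'accepted' : 'TokenMismatch', PHP_EOL;
}
```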

Rapthera

Reputation: 43

Avoid having csrf on your GET routes since they don't have a token and will throw TokenMismatchException. With that said, you could look at this snippet of code you could add in your controller to avoid these exceptions:

class UserController extends BaseController {

    /**
     * Instantiate a new UserController instance.
     */
    public function __construct()
    {
        $this->beforeFilter('auth', array('except' => 'getLogin'));

        $this->beforeFilter('csrf', array('on' => 'post'));

        $this->afterFilter('log', array('only' =>
                            array('fooAction', 'barAction')));
    }

}

As you can see the CSRF filter is only being applied on the POST method and the auth one is only being applied on the getLogin controller method.

Upvotes: 0

fmgonzalez

Reputation: 823

You probably added the csrf filter to the /users/Signin route. You have several options:

Firstly, you can remove the csrf filter from the route.

Second, you should add the csrf token to your form input (after the <form ...> line)

{{ Form::token(); }} 

Or you can change your Form declaration using the Form macro, which also includes the csrf token.

{{ Form::open(array('url' => 'users/Signin' ) ); }}

I hope it helps you.

Upvotes: 0
