CODEWITHSUNDEEP
phplaravellaravel-5csrf
Aditya Giri
Aditya Giri

Reputation: 1836

laravel - CSRF token always changes

Well this is the problem I am facing from yesterday. It is always giving me TokenMismatchException and when I digged in and compared a few things, I found that on my local server, the _token field never changes. But on my production, it does. And that's the reason it kept giving me TokenMismatchException. Does anyone know how to fix this error.

I have

  1. seen this question
  2. Went through documentation.
  3. Wrote several codeception tests.
  4. <input id="token" type="hidden" value="{{ csrf_token() }}"> this already in my code.

Upvotes: 4

Views: 5533

Answers (2)

Сергей Викторович
Сергей Викторович

Reputation: 118

May be usefull.

Html:

<meta name="_token" content="{{ csrf_token() }}">

Js:

var network = {
    post: function(path, params, cb, type){
        $.ajax({
            url: path,
            type: 'post',
            data: params,
            headers: { "X-CSRF-TOKEN" : $('meta[name="_token"]').attr('content') },
            dataType: type,
            success: function (response, status) {
                if (status == "success") {
                    if (response.reason == "token_timeout") {
                        var new_token = response.new_token;
                        $('meta[name="_token"]').attr('content', new_token);
                        network.post(path, params, cb, type);
                    }else{
                        cb(response);
                    }
                }
            }
        });
    }
};

network.post('path to handler...', { key: value... }, function(response){
   if(response.status == 'success'){
       // to do
   }
}, "json");

/app/Exceptions/Handler.php:

    public function render($request, Exception $exception) {

        if ($exception instanceof \Illuminate\Session\TokenMismatchException) {
            return response()->json(['reason' => 'token_timeout', 'new_token' => csrf_token()], 200);
        }

        return parent::render($request, $exception);
    }

Upvotes: 0

King User
King User

Reputation: 110

Check if you have domain in the config/session.php setup to the right path. Even I had got the same problem. And resolved it just by changing that path.

Upvotes: 7

Related Questions