Reputation: 1762
Laravel token confirmation
I have a basic question.
Laravel tokens works for password reset.
In my case, i'd like to use it for a change request sent by user (via custom change form) which is going to be accepted/refused by an admin. Can tokens be used that way ?
View :
<form action="{{ action('myController@changeResult') }}" method="POST">
<input type="hidden" name="token" value="{{ $token }}">
<input type="radio" name="accept" value="accept">
<input type="label">Accept</label>
<input type="radio" name="refuse" value="refuse">
<input type="label">Refuse</label>
<input type="submit" value="Reset Password">
</form>
Then posting the value into myController controller's changeResult method.
Thanks in advance.
Upvotes: 1
Views: 349
Answers (1)
Reputation: 68
CSRF tokens are for validating the current form submission. Once a user clicked on the 'Reset password' button, then the token is validated and form will be accepted/rejected. IF you want to reopen the submitted form for admin, then re-opened form will use a new token for that form submission, so it is not useful to use old token to validate the request send to admin.
Instead you can generate some random key specific to each user request and can be store it into a database or file. later this key can be used for validating request.
Upvotes: 2
Related Questions
- Laravel bearer token authentication
- laravel login through API using token
- Laravel Api Token
- Laravel Token miss match exception
- Auth0 Laravel: Validate token and get user information
- Laravel API TokenMismatchException
- Laravel TokenMismatchException
- Laravel Token Signature could not be verified
- Laravel 4 Auth With Token
- Laravel 4 authentication token doesn't match