TokenMismatchException in VerifyCsrfToken.php line 67: Laravel 5.2

Question

Can someone explain me why I get sometimes this error:

TokenMismatchException in VerifyCsrfToken.php line 67:

in VerifyCsrfToken.php line 67
at VerifyCsrfToken->handle(object(Request), object(Closure))
at call_user_func_array(array(object(VerifyCsrfToken), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 136
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in ShareErrorsFromSession.php line 49
at ShareErrorsFromSession->handle(object(Request), object(Closure))
at call_user_func_array(array(object(ShareErrorsFromSession), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 136
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in StartSession.php line 64
at StartSession->handle(object(Request), object(Closure))
at call_user_func_array(array(object(StartSession), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 136
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in AddQueuedCookiesToResponse.php line 37
at AddQueuedCookiesToResponse->handle(object(Request), object(Closure))
at call_user_func_array(array(object(AddQueuedCookiesToResponse), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 136

Sometimes it works fine. I am using middleware in the controllers like this:

    $this->middleware(['admin', 'user'], ['only' => [
        'show',
    ]]);

    $this->middleware('admin', ['only' => [
        'index',
        'store',
        'create',
    ]]);

I don't have any middleware in route.php, I tried using {!! csrf_field() !!} and/or {!! csrf_token() !!} inside my forms but I still get the error sometimes.

This is an example of the log in form

{!! Form::open(['route'=>'log.store', 'method'=>'POST']) !!}
                                {!! csrf_field() !!}
                                {!! csrf_token() !!}
                                {!!Form::text('user',null,array('placeholder' => 'user'))!!}
                                {!!Form::password('password',array('placeholder' => 'Password'))!!}<br>
                                {!!Form::select('logType', [
                                'A' => 'A', 
                                'E' => 'E',
                                ])!!}
                                {!!Form::submit('Log in',['class'=>'button'])!!}
                            {!!Form::close()!!}

Answer 1

https://laravelcollective.com/docs/5.2/html

If you use the Form::open or Form::model method with POST, PUT or DELETE the CSRF token used by Laravel for CSRF protection will be added to your forms as a hidden field automatically.

--

{!! Form::open(['route'=>'log.store', 'method'=>'POST']) !!} {!! csrf_field() !!} {!! csrf_token() !!} User'))!!}

try changing to

{!! Form::open(['route'=>'log.store', 'method'=>'POST']) !!}

in the snippet you provide the token is rendered 3 times, just inspect the HTML. use only the Form::open . calling and rendering multiple times might change the token and the final rendered element overrides the previous but in session it might not have changed.

Also avoid sending request too often as an mismatch might occur.