Reputation: 193
TokenMisMatchException in Laravel 5.4
I am new to Laravel and PHP. I am using POST method to get user requests and I am getting TokenMismatchException on in verifyCSRFToken.php line 68. Checked the logs in server.php found the following.
[2017-06-13 11:29:55] local.ERROR: Symfony\Component\Debug\Exception\FatalThrowableError: Undefined constant 'home' in C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Container\Container.php:762
Stack trace:
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Container\Container.php(762): ReflectionClass->newInstanceArgs(Array)
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Container\Container.php(608): Illuminate\Container\Container->build('App\\Http\\Middle...')
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Container\Container.php(575): Illuminate\Container\Container->resolve('App\\Http\\Middle...')
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Foundation\Application.php(72Illuminate\Container\Container->make('App\\Http\\Middle...')
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(138): Illuminate\Foundation\Application->make('App\\Http\\Middle...')
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Routing\Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\View\Middleware\ShareErrorsFromSession.php(49): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(148): Illuminate\View\Middleware\ShareErrorsFromSession->handle(Object(Illuminate\Http\Request), Object(Closure))
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Routing\Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Session\Middleware\StartSession.php(64): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(148): Illuminate\Session\Middleware\StartSession->handle(Object(Illuminate\Http\Request), Object(Closure))
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Routing\Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse.php(37): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(148): Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse->handle(Object(Illuminate\Http\Request), Object(Closure))
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Routing\Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Cookie\Middleware\EncryptCookies.php(59): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(148): Illuminate\Cookie\Middleware\EncryptCookies->handle(Object(Illuminate\Http\Request), Object(Closure))
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Routing\Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(102): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Routing\Router.php(576): Illuminate\Pipeline\Pipeline->then(Object(Closure))
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Routing\Router.php(535): Illuminate\Routing\Router->runRouteWithinStack(Object(Illuminate\Routing\Route), Object(Illuminate\Http\Request))
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Routing\Router.php(513): Illuminate\Routing\Router->dispatchToRoute(Object(Illuminate\Http\Request))
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Foundation\Http\Kernel.php(174): Illuminate\Routing\Router->dispatch(Object(Illuminate\Http\Request))
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Routing\Pipeline.php(30): Illuminate\Foundation\Http\Kernel->Illuminate\Foundation\Http\{closure}(Object(Illuminate\Http\Request))
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Foundation\Http\Middleware\TransformsRequest.php(30): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(148): Illuminate\Foundation\Http\Middleware\TransformsRequest->handle(Object(Illuminate\Http\Request), Object(Closure))
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Routing\Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Foundation\Http\Middleware\TransformsRequest.php(30): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(148): Illuminate\Foundation\Http\Middleware\TransformsRequest->handle(Object(Illuminate\Http\Request), Object(Closure))
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Routing\Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Foundation\Http\Middleware\ValidatePostSize.php(27): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(148): Illuminate\Foundation\Http\Middleware\ValidatePostSize->handle(Object(Illuminate\Http\Request), Object(Closure))
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Routing\Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode.php(46): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(148): Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode->handle(Object(Illuminate\Http\Request), Object(Closure))
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Routing\Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(102): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Foundation\Http\Kernel.php(14 Illuminate\Pipeline\Pipeline->then(Object(Closure))
C:\Users\Dikesh Kumar\blog\vendor\laravel\framework\src\Illuminate\Foundation\Http\Kernel.php(11 Illuminate\Foundation\Http\Kernel->sendRequestThroughRouter(Object(Illuminate\Http\Request))
C:\Users\Dikesh Kumar\blog\public\index.php(53): Illuminate\Foundation\Http\Kernel->handle(Object(Illuminate\Http\Request))
C:\Users\Dikesh Kumar\blog\server.php(21): require_once('C:\\Users\\Dikesh...')
{main}
Could someone help?
Upvotes: 0
Views: 5807
Answers (5)
Reputation: 1
in app/Http/helpers.php you will find a space in the beginning of the file before <?php just remove it.
Upvotes: -1
Reputation: 290
I got the same problem, this error can come from multiple sources. I didnt find my answer so i dig in laravel upgrade. I use database driver so i looked at the sessions table migration. Some of the new fields are nullable. I fixed my table and it works.So if you have a problem with tokenmismatch, check if laravel can creates sessions(files or database).
Upvotes: 0
Reputation: 849
I think what you are saying is that you know how to use the csrf token, however, after some time you get a token mismatch. This happens for example if your login page sits in your browser for a while where the form has generated the token already (as a hidden field). Now when you try to fill out the form, you are using the token that you generated (example: Yesterday) the last time you refreshed the page. On the back, once you submit the form, laravel will instantiate a new token and will compare against that token, which will be invalid.
You can change the session expiry inside /app/config/session.php from 120 minutes to anything longer than that.
Otherwise you can have an HTML meta refresh tag to refresh every 120 minutes so when the form is on idle, you can refresh the page and print the latest csrf token.
Upvotes: 2
Reputation: 4167
You need to define csrf token in your meta tag:
<meta name="csrf-token" content="{{ csrf_token() }}">
Or you can also pass as hidden input element:
<input type="hidden" name="_token" value="{{ csrf_token() }}">
If you are using ajax then you have to define csrf value as:
<script type="text/javascript">
$.ajaxSetup({
headers: {
'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
}
});
</script>
and then run the following commnad:
php artisan cache:clear
Upvotes: 2
Reputation: 26288
Laravel makes it easy to protect your application from cross-site request forgery (CSRF) attacks. Cross-site request forgeries are a type of malicious exploit whereby unauthorized commands are performed on behalf of an authenticated user.
Laravel automatically generates a CSRF "token" for each active user session managed by the application. This token is used to verify that the authenticated user is the one actually making the requests to the application.
Anytime you define a HTML form in your application, you should include a hidden CSRF token field in the form so that the CSRF protection middleware can validate the request. You may use the csrf_field helper to generate the token field:
<form method="POST" action="/profile">
{{ csrf_field() }}
...
</form>
Upvotes: 6
Related Questions
- TokenMisMatchException in Laravel Auth
- Laravel 5 - TokenMismatchException
- Token Mismatch Exception on Laravel 5.4
- Laravel TokenMismatchException
- Laravel 5.2 TokenMismatchException
- TokenMismatchException on Laravel 5.2
- Php laravel TokenMismatchException request
- TokenMismatchException laravel 5.1
- TokenMismatchException in laravel
- Laravel 5 TokenMismatchException on login