If you stay too long on one form, or step away from your computer and then come back to fill it in, you may get a TokenMismatchException, because the CSRF token won’t be the same. It kind of makes sense, but the problem I recently discovered is that it does the same for logout (which is also a form). And that’s pretty silly, so how do we avoid it?

Basically, if you do nothing on the page for a few hours and then click logout, you may see something like this:

[Screenshot: Laravel TokenMismatchException error page]

To avoid this, we may add exceptions for the URLs that we don’t want to have CSRF protection. There’s a special array for that – in /Http/Middleware/VerifyCsrfToken.php:

class VerifyCsrfToken extends Middleware
{
    /**
     * The URIs that should be excluded from CSRF verification.
     * @var array
     */
    protected $except = [];
}

So what we should do is add logout to this array:

protected $except = ['logout'];

You can add more URLs here if you wish, but be careful: CSRF protection is quite an important thing, and every URI in this array accepts requests without a valid token.
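
To check what an entry would actually exempt before adding it, here is an added example (not from the original post and not Laravel's own code) that reimplements the path matching in simplified form. It assumes entries are trimmed of slashes and that "*" acts as a wildcard, as in Laravel's Str::is(); the function names and the route list are constructed for illustration.

```php
<?php
// Simplified stand-in for how $except entries are compared with the request
// path. Assumption: slashes are trimmed and "*" is a wildcard (Str::is style).
function exceptMatches(string $pattern, string $path): bool
{
    $pattern = $pattern === '/' ? '/' : trim($pattern, '/');
    $path = trim($path, '/');
    if ($path === '') {
        $path = '/';
    }
    if ($pattern === $path) {
        return true;
    }
    // Quote the pattern, then turn the escaped "*" back into a wildcard.
    $regex = str_replace('\*', '.*', preg_quote($pattern, '#'));
    return preg_match('#^' . $regex . '\z#u', $path) === 1;
}

// Return the routes from $routes that would skip CSRF verification.
function exemptRoutes(array $except, array $routes): array
{
    return array_values(array_filter($routes, function ($route) use ($except) {
        foreach ($except as $pattern) {
            if (exceptMatches($pattern, $route)) {
                return true;
            }
        }
        return false;
    }));
}

// Constructed sample of POST routes in an application.
$routes = ['/logout', '/logout/all-devices', '/login', '/profile/password'];

// Exact entry, as in the post: only the logout path itself is compared equal.
print_r(exemptRoutes(['logout'], $routes));

// Trailing wildcard: paths under the same prefix are matched as well.
print_r(exemptRoutes(['logout*'], $routes));
```

Running the same check over your real route list shows whether a new entry removes the token requirement from more routes than intended.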

The post How to avoid TokenMismatchException on logout? appeared first on Laravel Daily.
