 

Laravel 4.2 generates new CSRF token depending on request frequency?

I've encountered strange behavior of the CSRF token in Laravel 4.2: the token was changing between requests (not always, but randomly).

First thought was that I had problems with garbage collection or there was some bug in Laravel. And even more - this happens only on the remote server, and locally everything is OK. However, server settings and session config are the same.

Garbage collection in php.ini is turned off. The only GC that works is the one started by cron every 30 minutes, however, that also does not relate to this problem - I've checked.

1) If I send ajax requests infrequently (e.g. one time every second) - it works for hours without problems.

2) When I send ajax requests very often during a small period of time (20 times during 3-5 seconds) - the token is changed after the 15th or 20th request. Sometimes even on the 10th.

Is there some hidden functionality (I did not find that, however) that changes the token if it looks like 'dangerous' requests, checking frequency?

kovpack asked Sep 08 '14 13:09



People also ask

How does laravel generate CSRF token?

Laravel automatically generates a CSRF "token" for each active user session managed by the application. This token is used to verify that the authenticated user is the person actually making the requests to the application.

How long does CSRF token last laravel?

It becomes invalid once your session expires. Thus if you set the lifetime to 1 week, CSRF token will only expire after 1 week.

What is Csrf_field () in laravel?

CSRF stands for Cross-Site Request Forgery. In this case, Laravel is requiring this field to be sent with the request so that it can verify the request is not a forgery when posted back.

Does laravel API need CSRF token?

In Laravel, middleware handles all the requests and doesn't allow any POST request without the right CSRF token verification. Therefore, in order to proceed further, you must input the CSRF token while sending the AJAX request.


1 Answer

I believe that this is because the Laravel file session driver does not provide locking. I would suggest switching to the database session driver in app\config\session.php and see if you get the expected result.

Here are the relevant docs: http://laravel.com/docs/4.2/session#session-drivers

ktross answered Oct 29 '22 22:10

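
The race the answer points to, as an added PHP sketch that is not part of the original post and not Laravel's own code: it replays one interleaving of two requests against a file-backed session, first without and then with `flock`. It assumes that a session loaded without a `_token` is issued a new one and that `flock` conflicts between two handles in one process (as on Linux); all function names are hypothetical.

```php
<?php
// Added illustration: a simplified model of a file-backed session, not Laravel's code.
// Assumed behaviour: a session that loads without a _token is given a new one.

function loadSession($path, $lock) {
    $fh = fopen($path, 'r');
    // With locking on, refuse to read while a writer holds the exclusive lock.
    if ($lock && !flock($fh, LOCK_SH | LOCK_NB)) {
        fclose($fh);
        return null; // caller must wait and retry
    }
    $raw = stream_get_contents($fh);
    fclose($fh);
    $data = $raw === '' ? [] : unserialize($raw);
    if (!isset($data['_token'])) {
        $data['_token'] = bin2hex(random_bytes(20)); // "regenerated" token
    }
    return $data;
}

function race($lock) {
    $path = tempnam(sys_get_temp_dir(), 'sess');
    $saved = serialize(['_token' => 'ORIGINAL', 'user_id' => 42]); // constructed sample
    file_put_contents($path, $saved);

    // Request A starts saving: the file is empty until its write lands.
    $a = fopen($path, 'c+');
    if ($lock) flock($a, LOCK_EX);
    ftruncate($a, 0);

    // Request B arrives inside that window.
    $b = loadSession($path, $lock);

    // A completes its write and releases the file (closing drops the lock).
    fwrite($a, $saved);
    fclose($a);

    if ($b === null) {
        $b = loadSession($path, $lock); // B retries once A is done
    }
    file_put_contents($path, serialize($b)); // B saves what it loaded
    $final = unserialize(file_get_contents($path));
    unlink($path);
    return $final;
}

foreach ([false, true] as $lock) {
    $s = race($lock);
    printf("%-8s token=%s user_id=%s\n", $lock ? 'locked' : 'unlocked',
        $s['_token'] === 'ORIGINAL' ? 'kept' : 'changed', isset($s['user_id']) ? 'kept' : 'lost');
}
```

In the unlocked run, request B reads the file while it is empty, treats the session as new and overwrites the stored token and data; this window only opens when requests overlap, which matches the burst-only symptom in the question.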