I have just started a new app in Laravel 5 and I am having some trouble using the out-of-the-box auth...
I keep getting: TokenMismatchException in VerifyCsrfToken.php line 46: on submitting the login or signup forms...
I can see on the login form page the token codes that are in the hidden form field and Session at that point are the same...
As a test I have also tried, as some other posts suggested, commenting out //'App\Http\Middleware\VerifyCsrfToken', in app/Http/Kernel.php to see what would happen. After doing this, every time I submit a form I get a message which says redirecting to: /auth/login or /auth/register depending on where I came from, with no success.
The weird thing was this was working when I first installed the framework. All I have done since then is run a few migrations, set up some of my models and controllers, and seed the db with some user data.
UPDATE:
Looking into this further, in the function tokensMatch() on line 55 of VerifyCsrfToken.php, if I run:
var_dump($request->session()->token());
var_dump($request->input('_token'));
I can see the two tokens are different, but at the form using:
var_dump(Session::all());
{{{ csrf_token() }}}
They are the same. The Session token has changed somehow before it gets to the function tokensMatch() on line 55 of VerifyCsrfToken.php.
My stack trace is as follows:
in VerifyCsrfToken.php line 46
at VerifyCsrfToken->handle(object(Request), object(Closure)) in VerifyCsrfToken.php line 17
at VerifyCsrfToken->handle(object(Request), object(Closure)) in Pipeline.php line 125
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in ShareErrorsFromSession.php line 55
at ShareErrorsFromSession->handle(object(Request), object(Closure)) in Pipeline.php line 125
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in StartSession.php line 61
at StartSession->handle(object(Request), object(Closure)) in Pipeline.php line 125
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in AddQueuedCookiesToResponse.php line 36
at AddQueuedCookiesToResponse->handle(object(Request), object(Closure)) in Pipeline.php line 125
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in EncryptCookies.php line 40
at EncryptCookies->handle(object(Request), object(Closure)) in Pipeline.php line 125
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in CheckForMaintenanceMode.php line 42
at CheckForMaintenanceMode->handle(object(Request), object(Closure)) in Pipeline.php line 125
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 101
at Pipeline->then(object(Closure)) in Kernel.php line 111
at Kernel->sendRequestThroughRouter(object(Request)) in Kernel.php line 84
at Kernel->handle(object(Request)) in index.php line 53
I first just got it working by removing the line:
'Illuminate\Foundation\Http\Middleware\VerifyCsrfToken'
from /app/Http/Requests/Kernel.php. However, this means the CSRF token check will be removed, which implies that your website will not be protected from cross-site request forgeries.
Update: According to the documentation, you should add the CSRF token to your form by adding this snippet to your code:
<input type="hidden" name="_token" value="{{ csrf_token() }}">
I used the first way in backend services for a mobile application, but I find I can send the CSRF header within requests.
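The check that fails in the question, as an added example that is not code from the posts above or from Laravel: a plain-PHP model of a session-bound CSRF token accepted from the `_token` field or the `X-CSRF-TOKEN` header. `SessionStore` and `tokens_match()` are hypothetical names, and the third case assumes the session is not carried over between rendering the form and submitting it, which the thread does not confirm as the cause.

```php
<?php
// Added example: stand-alone model of a session-bound CSRF check.
// SessionStore and tokens_match() are hypothetical, not Laravel code.
final class SessionStore
{
    private array $sessions = []; // session id => session data

    // Load the session named by the cookie, or start a new one with a fresh token.
    public function start(?string $cookie): string
    {
        if ($cookie !== null && isset($this->sessions[$cookie])) {
            return $cookie;
        }
        $id = bin2hex(random_bytes(16));
        $this->sessions[$id] = ['_token' => bin2hex(random_bytes(20))];
        return $id;
    }

    public function token(string $id): string
    {
        return $this->sessions[$id]['_token'];
    }
}

// Take the token from the form field or the header; compare in constant time.
function tokens_match(string $sessionToken, array $post, array $headers): bool
{
    $submitted = $post['_token'] ?? $headers['X-CSRF-TOKEN'] ?? '';
    return is_string($submitted) && hash_equals($sessionToken, $submitted);
}

$store = new SessionStore();

// GET of the login form: a session starts and its token is rendered into the form.
$cookie = $store->start(null);
$formToken = $store->token($cookie);

// Case 1: the browser sends the session cookie back, so the same session loads.
$sid = $store->start($cookie);
var_dump(tokens_match($store->token($sid), ['_token' => $formToken], []));

// Case 2: an API or mobile client sends the same token as a header instead.
var_dump(tokens_match($store->token($sid), [], ['X-CSRF-TOKEN' => $formToken]));

// Case 3: the cookie is missing or the session was never saved, so a new session
// with a new token starts and the token rendered into the form no longer matches.
$sid = $store->start(null);
var_dump(tokens_match($store->token($sid), ['_token' => $formToken], []));
```

If the third case is what is happening, the session driver, its storage permissions and the session cookie settings are the places to check, rather than disabling the middleware.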