Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why Laravel 4 CSRF token is not working?

I'm actually playing around with Laravel 4. Right now I'm implemented the CSRF token security on form post.

The problem is that, this is not actually working in the sense that the token generated in the session Session::token() is always the same so when I try to re-submit a form or even post a form from another server, the security check is not working Session::token() != Input::get('_token') (filters.php)

Anyone already faced this issue?

EDIT :
Ok I found the explanation of this. The token is actually different for each machine/session. It makes more sense now :) Thanks to everyone for your help

like image 364
lkartono Avatar asked Aug 22 '13 12:08

lkartono


People also ask

Why CSRF is not working?

Invalid or missing CSRF token This error message means that your browser couldn't create a secure cookie, or couldn't access that cookie to authorize your login. This can be caused by ad- or script-blocking plugins, but also by the browser itself if it's not allowed to set cookies.

How does laravel verify CSRF token?

Laravel automatically generates a CSRF "token" for each active user session managed by the application. This token is used to verify that the authenticated user is the person actually making the requests to the application.


1 Answers

when the form is submitted, after processing the form you should change the CSRF token like Session::put('_token', md5(microtime())); this will protect from form re-submission.. for more info you can see this and this

like image 110
Trying Tobemyself Avatar answered Sep 20 '22 22:09

Trying Tobemyself