Menu
I'm actually playing around with Laravel 4. Right now I'm implemented the CSRF token security on form post.
The problem is that, this is not actually working in the sense that the token generated in the session Session::token() is always the same so when I try to re-submit a form or even post a form from another server, the security check is not working Session::token() != Input::get('_token') (filters.php)
Anyone already faced this issue?
EDIT :
Ok I found the explanation of this. The token is actually different for each machine/session. It makes more sense now :)
Thanks to everyone for your help
364
Invalid or missing CSRF token This error message means that your browser couldn't create a secure cookie, or couldn't access that cookie to authorize your login. This can be caused by ad- or script-blocking plugins, but also by the browser itself if it's not allowed to set cookies.
Laravel automatically generates a CSRF "token" for each active user session managed by the application. This token is used to verify that the authenticated user is the person actually making the requests to the application.
when the form is submitted, after processing the form you should change the CSRF token like Session::put('_token', md5(microtime())); this will protect from form re-submission.. for more info you can see this and this
110
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
