Issue
What is the best way to handle expired tokens in Laravel 5?
I mean I have a page and it has some links which perform AJAX requests. They work fine when the page is loaded, but when I wait for some time I get a TOKEN MISMATCH error.
Now, I have to refresh the page to make it work again. BUT, I don't want to refresh the page. I want some way to refresh the token or some other workaround to fix it.
I hope you got my point.
Solution
Update 2021:
Hello Stack Overflow! It seems that the answer we posted a few years ago has sparked some controversy.
To sum it up, the approach we've posted does solve the technical aspect of the problem. However, from a web security standpoint it seems to be debatable.
With our limited expertise, we still believe our solution is viable, but to reduce doubt please make sure to go through the comments section as well as the answer posted by Ryan, since they think otherwise, before you make your decision. Thanks.
Original Answer From 2015
A workaround for it is to actually get the new token every certain time, otherwise you are defeating the purpose of the CSRF token:
    <html>
    <head>
        <meta name="csrf_token" content="{{ csrf_token() }}">
    </head>
    <body>
    <!-- jQuery must be loaded before this script -->
    <script type="text/javascript">
        // Token rendered into the page when it was first loaded
        var csrfToken = $('[name="csrf_token"]').attr('content');

        // Fetch a fresh token from the server and keep it for later AJAX requests
        function refreshToken(){
            $.get('refresh-csrf').done(function(data){
                csrfToken = data; // the new token
            });
        }

        setInterval(refreshToken, 3600000); // 1 hour
    </script>
    </body>
    </html>
In Laravel routes:

    // Returns the current session's CSRF token as plain text
    Route::get('refresh-csrf', function(){
        return csrf_token();
    });
I apologize in case of any syntax errors, I haven't used jQuery for a long time, but I guess you get the idea.
Answered By - UX Labs
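As an added example that is not part of the original answer: instead of polling on a timer, a client can fetch a new token only when a request is rejected for an expired token, then retry once. It assumes the server replies with HTTP 419 on a mismatch and accepts the token in an X-CSRF-TOKEN header; `createCsrfClient` and its option names are hypothetical, and `refresh-csrf` is the route from the answer.

```javascript
// Added example, not the answer's code. Assumptions: an expired token yields
// HTTP 419, the token is sent in an X-CSRF-TOKEN header, and 'refresh-csrf'
// returns a fresh token as plain text.
function createCsrfClient(options) {
  var fetchImpl = options.fetchImpl;              // window.fetch in a browser
  var refreshUrl = options.refreshUrl || 'refresh-csrf';
  var mismatchStatus = options.mismatchStatus || 419;
  var token = options.initialToken;               // value of the csrf_token meta tag
  var pendingRefresh = null;                      // shared by concurrent callers

  function refreshToken() {
    if (!pendingRefresh) {
      // same-origin only: the token is never requested or sent cross-site
      pendingRefresh = fetchImpl(refreshUrl, { credentials: 'same-origin' })
        .then(function (res) {
          if (!res.ok) throw new Error('token refresh failed: ' + res.status);
          return res.text();
        })
        .then(function (fresh) { token = fresh.trim(); return token; })
        .finally(function () { pendingRefresh = null; });
    }
    return pendingRefresh;
  }

  function send(url, init) {
    var headers = Object.assign({}, init && init.headers, { 'X-CSRF-TOKEN': token });
    return fetchImpl(url, Object.assign({ credentials: 'same-origin' }, init, { headers: headers }));
  }

  // Send once; on a token mismatch, refresh and retry exactly once (no loop).
  function request(url, init) {
    return send(url, init).then(function (res) {
      if (res.status !== mismatchStatus) return res;
      return refreshToken().then(function () { return send(url, init); });
    });
  }

  return { request: request, currentToken: function () { return token; } };
}
```

In a page, pass `window.fetch.bind(window)` as `fetchImpl` and the meta tag's content as `initialToken`.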