That's the indented behavior. The Token mentioned in the exception is the CSRF token in the login form (and other Laravel forms) which is there to prevent cross-site request forgery (thus the name). The token is good for about two hours, if you submit a form after that you get the exception.
If you want to handle this situation some other way, you can write your own error handler, and, say, just redirect back to login form.
It's also possible, but not advisable, to turn off CSRF protection altogether. It can be done by removing VerifyCsrfToken middleware in app/Http/Kernel.php file.
Sign in to participate in this thread!
Laravel
Laravel News
Laracasts
Laravel Podcast