on every post request laravel sends a token, this is also stored on the session, laravel matches the token on the request with the one on the session if the tokens mismatch this exception occurs.
astroanu said:
on every post request laravel sends a token, this is also stored on the session, laravel matches the token on the request with the one on the session if the tokens mismatch this exception occurs.
@astroanu thanks for reply :) how could it be mismatched? i installed most defaultly. and used php artisan make auth. and then i served my app. but appears error like that.
If you are sending data via html form, try including {{csrf_token()}}. This will generate a token that will be sent with your form
its just default auth login from
<form class="form-horizontal" role="form" method="POST" action="{{ url('/login') }}"> {{ csrf_field() }}when i press refresh =>
protected function tokensMatch($request) { $sessionToken = $request->session()->token();
$token = $request->input('_token') ?: $request->header('X-CSRF-TOKEN');
if (! $token && $header = $request->header('X-XSRF-TOKEN')) {
$token = $this->encrypter->decrypt($header);
}
if (! is_string($sessionToken) || ! is_string($token)) {
return false;
}
echo $sessionToken; /this token changes every time i refresh/
echo '<br>';
echo $token; /this token not changes /
return hash_equals($sessionToken, $token);
}
on every action refresh click register login etc there is a new session file created in storage/framework/sessions folder.
Sign in to participate in this thread!
Laravel
Laravel News
Laracasts
Laravel Podcast