12

I have created a form which has a lot of fields, and the user can create unlimited fields in it. If a user spends more time on it, the CSRF token expires, and when he clicks submit, Laravel returns the error CSRF token mismatch. So how can I get a new CSRF token by using an ajax call, so I can update the CSRF token at a regular interval? I cannot refresh or reload the form.

FIROZ TENNALI
  • Possible duplicate of [Handling expired token in Laravel](https://stackoverflow.com/questions/31449434/handling-expired-token-in-laravel) – miken32 Nov 02 '18 at 21:30

2 Answers

16

Update: Although the below answers what was asked for:

  • All pages of session share the exact same CSRF-token (at least in Laravel),
  • Hence if one browser-tab creates a new token,
  • All other tabs suddenly have an invalid-token !!

Old answer

By using this code you can get a new token after login by using the regenerate() method and returning a new csrf_token() in the response.

Your Controller inside the function:

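```php
// Controller method; needs `use Illuminate\Http\Request;` at the top of the file.
public function refreshToken(Request $request)
{
    // Regenerate the session, then return the current CSRF token as JSON.
    session()->regenerate();

    return response()->json(['token' => csrf_token()], 200);
}
```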

JavaScript:

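```javascript
$.ajax({
    url: "{{url('refresh-token')}}",
    type: 'get',
    dataType: 'json',
    success: function (result) {
        // Store the new token in the meta tag for code that reads it from there.
        $('meta[name="csrf-token"]').attr('content', result.token);
        // Send the new token with every later jQuery AJAX request.
        $.ajaxSetup({
            headers: {
                'X-CSRF-TOKEN': result.token
            }
        });
    },
    error: function (xhr, status, error) {
        console.log(xhr);
    }
});
```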
Top-Master
Ramesh
  • Thanks for the tip. I use this approach to load new CSRF Token on document ready with ajax to replace all tokens in static page from Laravel Cached Response. – KeitelDOG Mar 11 '21 at 02:53
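
An added example, not part of either answer: a client-side helper that refreshes the token on a timer and retries a rejected submit once, so a tab whose token was invalidated by a regeneration in another tab recovers without a reload. It assumes the `refresh-token` route from the answer above, that a stale token is rejected with HTTP 419, and a placeholder `/form` submit URL; `createCsrfClient` and its parameters are hypothetical names.

```javascript
// Added example, not code from the answers above.
// Assumptions: GET /refresh-token returns {"token": "..."} as in the answer,
// a stale token is rejected with HTTP 419, and '/form' is a placeholder URL.
function createCsrfClient({ initialToken, fetchToken, send, onToken = () => {} }) {
  let token = initialToken;
  let pending = null; // one in-flight refresh shared by concurrent callers

  function refresh() {
    if (!pending) {
      pending = Promise.resolve()
        .then(fetchToken)
        .then((t) => { token = t; onToken(t); return t; })
        .finally(() => { pending = null; });
    }
    return pending;
  }

  // Send with the current token; on 419 refresh and retry exactly once.
  async function submit(body) {
    let res = await send(body, token);
    if (res.status === 419) {
      await refresh();
      res = await send(body, token);
    }
    return res;
  }

  return { refresh, submit, current: () => token };
}

// Browser wiring; skipped when the file is loaded outside a browser.
if (typeof document !== 'undefined') {
  const meta = document.querySelector('meta[name="csrf-token"]');
  const client = createCsrfClient({
    initialToken: meta.getAttribute('content'),
    fetchToken: () => fetch('/refresh-token', { credentials: 'same-origin' })
      .then((r) => r.json()).then((j) => j.token),
    send: (body, token) => fetch('/form', {
      method: 'POST', credentials: 'same-origin',
      headers: { 'X-CSRF-TOKEN': token }, body,
    }),
    onToken: (t) => {
      meta.setAttribute('content', t);
      document.querySelectorAll('input[name="_token"]').forEach((el) => { el.value = t; });
    },
  });
  // Refresh every 10 minutes (an arbitrary interval, chosen below the session lifetime).
  setInterval(() => client.refresh().catch(console.error), 10 * 60 * 1000);
  window.csrfClient = client; // call csrfClient.submit(new FormData(form)) on submit
}
```
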
2

Just add this to your script

```html
<script type="text/javascript">
    $.ajaxSetup({
        headers: {
            'X-CSRF-TOKEN': $('meta[name="_token"]').attr('content')
        }
    });
</script>
```

And make sure you have added token to your meta tag like below.

```html
<meta name="_token" content="{!! csrf_token() !!}" />
```

I hope this will work for you.

Link https://laravel.com/docs/5.4/csrf#csrf-x-csrf-token

If you still face the same issue, then please review these:

  1. Handling expired token in Laravel

  2. https://laracasts.com/discuss/channels/laravel/csrf-token-mismatch-error-on-session-timeout-form?page=1

And make sure you take a look at all answers, not only the checked one.

Saroj
  • Yes @Geoffrey. I just changed the name by my way – Saroj Aug 14 '17 at 06:15
  • Actually, I am doing the same, but this key expires after some time, so I need a new key without reloading the page. – FIROZ TENNALI Aug 14 '17 at 09:24
  • In that case, you might need to take a look at this stuff. 1. https://stackoverflow.com/questions/31449434/handling-expired-token-in-laravel 2. https://laracasts.com/discuss/channels/laravel/csrf-token-mismatch-error-on-session-timeout-form?page=1. And make sure you take a look at all answers, not only the checked one. – Saroj Aug 14 '17 at 11:35
  • Hey yes, Brain can you put this answer in the original answer so I can mark it as the correct solution. Thanks very much it was the easiest solution. – FIROZ TENNALI Aug 14 '17 at 15:19
  • Added. @FIROZTENNALI – Saroj Aug 16 '17 at 04:36