
I have built a CMS where pages are built with elements. Each element has fields etc. When editing a page, all elements (with their corresponding fields) are put in an accordion. When you click on an accordion title, it opens the element (with fields and values). Data is retrieved using Ajax. When the user edits the fields, he clicks on save, which triggers another Ajax call.

The thing my clients and I are noticing is that if you work fast (like opening one element, whoops wrong one, lemme open another etc), the user gets logged out. A 401 error is sent saying 'Unauthorized'.

At first I thought this had to do with the CSRF tokens. I sent it as a _token field or in the headers with the Ajax calls etc. When this was not working I decided to make a token exception for all Ajax calls, but still the same problems.

It looks like, when one Ajax request is still being processed and I call another, I get logged out.

So my question is, what to do about this? As it's very annoying for the 'fast' users among us.

Alvin Bakker
  • http://stackoverflow.com/a/35343982/2020002 might be what you are looking for – Derek Pollard Mar 04 '16 at 18:29
  • If the system is logging out, it's not a CSRF token issue. That sounds more like a session issue. I would just print out the whole route list "php artisan route:list" and check the middleware column to see whether all of those Ajax requests are under auth or web middleware and there is no "guest" middleware. Having both will also result in a lost session. – Can Celik Mar 04 '16 at 18:31
  • @Oliver, tried that also – Alvin Bakker Mar 04 '16 at 19:32
  • You should provide the route code – Derek Pollard Mar 04 '16 at 19:32
  • In my search I came across this article https://github.com/laravel/framework/issues/7549 and changed the session storage to `database`. The client is now doing a test drive to see if the errors are gone. I will keep you all posted on the outcome – Alvin Bakker Mar 04 '16 at 19:33

1 Answer

After reading this article: https://github.com/laravel/framework/issues/7549 I have set the session storage to database. Now the 'unauthorized' errors do not happen with the multiple Ajax requests we do in our CMS.

Alvin Bakker