csrf token missmatch after long time

Question

We have a custom login popup model. We user click of login then popup comes into the picture. csrf-token generated, but when he doesn't do anything then after some time token mismatch occurs. And throws an exception. I need some idea to refresh token after some time or it'll never expire something like that.

Can you please help me?

Welcome to StackOverflow! Please share relevant code and/or steps what you have tried. — Genhis, Jul 10 '19 at 10:33

score 0 · Answer 1 · answered Jul 10 '19 at 10:08

The default session time is 120 minutes and can be configured with SESSION_LIFETIME in the .env file.

you can do one of the following things:

a) set the SESSION_LIFETIME to a very high number like 35791394 (68 years)
b) when the user opens up the website, start a javascript timer that refreshes the page after SESSION_LIFETIME minutes

score 0 · Answer 2 · answered Jul 10 '19 at 10:11

To refresh the token at a certain time you may do it like this:

<html>
<head>
    <title>My website </title>
</head
<body>
<form method="POST" action="#">
    <input type="hidden" name="_token" id="csrf-token" value="{{ csrf_token() }}" />
</form>
    <script type="text/javascript">
        var csrfToken = $('#csrf-token').val();

        setInterval(refreshToken, 3600000); // 1 hour 

        function refreshToken(){
            $.get('refresh-token').done(function(data){
                csrfToken = data; // the new token
            });
        }

        setInterval(refreshToken, 3600000); // 1 hour 

    </script>
</body>
</html>

In your routes file:

Route::get('refresh-token', function(){
    return csrf_token();
});

Used source: https://stackoverflow.com/a/31451123/3963382

csrf token missmatch after long time

2 Answers2