I've encountered strange behavior of the CSRF token in Laravel 4.2: the token was changing between requests (not always, but randomly).
My first thought was that I had problems with garbage collection or that there was some bug in Laravel. What's more, this happens only on the remote server; locally everything is OK. However, the server settings and session config are the same.
Garbage collection in php.ini is turned off. The only GC that works is the one started by cron every 30 minutes; however, that also does not relate to this problem - I've checked.
1) If I send ajax requests infrequently (e.g. once every second), it works for hours without problems.
2) When I send ajax requests very often during a small period of time (20 times during 3-5 seconds), the token is changed after the 15th or 20th request. Sometimes even on the 10th.
Is there some hidden functionality (I did not find any, however) that changes the token if the requests look 'dangerous', checking frequency?
Laravel automatically generates a CSRF "token" for each active user session managed by the application. This token is used to verify that the authenticated user is the person actually making the requests to the application.
It becomes invalid once your session expires. Thus if you set the lifetime to 1 week, CSRF token will only expire after 1 week.
CSRF stands for Cross-Site Request Forgery. In this case, Laravel is requiring this field to be sent with the request so that it can verify the request is not a forgery when posted back.
Laravel CSRF Token Ajax Calls
In Laravel, middleware handles all the requests and doesn't allow any POST request without the right CSRF token verification. Therefore, in order to proceed further, you must include the CSRF token when sending the AJAX request.
I believe that this is because the Laravel file session driver does not provide locking. I would suggest switching to the database session driver in app\config\session.php and seeing if you get the expected result.
Here are the relevant docs: http://laravel.com/docs/4.2/session#session-drivers
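The race that the answer above attributes to missing locking can be replayed deterministically. The following is an added example, not Laravel's code and not part of the original answer: it models a file-backed session store with and without an exclusive lock. It assumes a save is a truncate followed by a write and that an unparseable payload is treated as a new session; the JSON payload, the file name and the starting token `T0` are constructed, and it needs a POSIX system for `flock`.

```python
import fcntl, json, os, secrets, tempfile

def read_session(path, lock):
    """Load the session payload; unparseable data is treated as a brand-new session."""
    with open(path) as f:
        if lock:  # a shared lock fails fast while a writer holds the exclusive lock
            fcntl.flock(f, fcntl.LOCK_SH | fcntl.LOCK_NB)
        raw = f.read()
    try:
        return json.loads(raw)
    except ValueError:
        return {}

def start_request(path, lock):
    """Request start: load the session and mint a CSRF token if none is present."""
    session = read_session(path, lock)
    session.setdefault("_token", secrets.token_hex(20))
    return session

def begin_write(path, lock):
    """Open the session file for saving; returns the handle before any data is written."""
    if not lock:
        return open(path, "w")          # truncates at once, nothing guards readers
    f = open(path, "r+")
    fcntl.flock(f, fcntl.LOCK_EX)       # take the lock first, only then truncate
    f.truncate(0)
    return f

def final_token(lock):
    """Replay one fixed interleaving of two requests; return the token left on disk."""
    path = os.path.join(tempfile.mkdtemp(), "sess_constructed")
    with open(path, "w") as f:
        json.dump({"_token": "T0"}, f)  # constructed starting session
    a = begin_write(path, lock)         # request A is halfway through saving
    try:
        b = start_request(path, lock)   # request B starts in that window
    except BlockingIOError:
        b = None                        # with locking, B has to wait for A
    json.dump({"_token": "T0"}, a)
    a.close()                           # A finishes; closing releases its lock
    if b is None:
        b = start_request(path, lock)   # B retries and now sees complete data
    w = begin_write(path, lock)         # B saves its session at the end of its request
    json.dump(b, w)
    w.close()
    return read_session(path, lock)["_token"]

if __name__ == "__main__":
    print("no locking:", final_token(False))  # a fresh random token replaced T0
    print("locking:   ", final_token(True))   # T0 survives
```

Without the lock, request B reads the file while it is empty, mints a new token and later writes it back, so every page that still holds `T0` starts failing CSRF verification.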