Problems with csrf_token laravel

1

I understand the operation of csrf_token but I'm having problems with it. For example when I get inactive for about 5 minutes without working on the site and try to log in, it tells me that I have a token problem.

I have the following question:

  • Would there be any way to handle this error, so that it is not "spit" on my user's screen?
  • Is there any way to reload this csrf_token from time to time so there is no problem with my user?

asked by anonymous 26.10.2016 / 07:16

    1 answer

    5
      

    1)

    Yes. To not show the error screen ( debug ), which is useful in development but unacceptable in production, go to the settings ( folder: config ), open the file app.php and make sure you have:

    'debug' => env('APP_DEBUG', false),
    

    That is, if the configuration file .env has it set to true, put false in the APP_DEBUG setting:

    APP_ENV=local
    APP_DEBUG=false
    APP_KEY=base64:nwMoa0Q1chP1ksbWx+5iIeg4R7fsPlVG8ZUUk8jKEwE=
    APP_URL=http://localhost
    

    With this setting, the error screen ( debug ) is disabled.

      

    2) Is there any way to reload this csrf_token from time to time so there is no problem with my user?

    This is a security factor, and I'm thinking that your session is expiring and therefore the csrf_token has to be regenerated (there is a relation between the session and the csrf_token ). Check in the folder config, in the file session.php, how lifetime is set, which is usually 120 minutes ( 'lifetime' => 120 ). Programming factors and errors in server and client code ( javascript ) can be factors that cause problems in checking the csrf_token ; it is one of the (not the only) barriers that protect your site against external attacks. Check all the code that is being generated; it possibly has errors that are not being observed. Wanting to reload the screen from time to time may be a wrong alternative; I, for example, never had to do this with applications made with csrf_token .

      

    3) it's unpleasant to even check out an absurd error page.

    As already explained in the 1) item, you can disable the #

    This is the screen that appears when setting Laravel, and the code is inside the debug folder in the APP_DEBUG=false file.

    With vendor\symfony\debug\ the file that generates this information is VerifyCsrfToken.php , reading code is very advisable for learning and confirming the structure of how it is created and how this ExceptionHandler.php is checked.

    Error line of debug VerifyCsrfToken.php , that is, in the ( csrf_token ) some of them or all return middleware .

        
    26.10.2016 / 21:23
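
One way to keep the token check in place and still spare the user the raw error page, as an added example that is not part of the original answer. It assumes the stock app/Http/Middleware/VerifyCsrfToken.php of a Laravel 5 application; the error key, the message text and the 419 status are made up for illustration.

```php
<?php
// Added example for app/Http/Middleware/VerifyCsrfToken.php (assumed stock Laravel 5 layout).

namespace App\Http\Middleware;

use Closure;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;
use Illuminate\Session\TokenMismatchException;

class VerifyCsrfToken extends BaseVerifier
{
    // No route is exempted: the token is still verified on every state-changing request.
    protected $except = [];

    public function handle($request, Closure $next)
    {
        try {
            return parent::handle($request, $next);
        } catch (TokenMismatchException $e) {
            // The rejected request is never executed; only the response changes.
            if ($request->ajax() || $request->wantsJson()) {
                // Status 419 and the 'error' key are choices of this example.
                return response()->json(['error' => 'csrf_token_expired'], 419);
            }

            // Send the user back to the form. The page is rendered again with a
            // fresh token, so a second submit succeeds. Secrets and the stale
            // token are not flashed back into the session.
            return redirect()->back()
                ->withInput($request->except('_token', 'password', 'password_confirmation'))
                ->withErrors(['csrf' => 'Your session expired. Please submit the form again.']);
        }
    }
}
```

The form's view has to print the error bag (for example `$errors->first('csrf')`) for the message to reach the user.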