Tags: php, session, laravel-5, csrf-protection

For GET and POST requests a new session is being generated, which throws TokenMismatchException in Laravel 5.1

I am working on a simple login application, where the login form is served on a GET request. On the GET request a session file is created in the "storage/framework/session/" folder, and the form includes a CSRF token equal to the session token. But when I submit that form with a POST request, another session file is created which holds a different CSRF token value. So it seems that when the two tokens are compared they don't match, i.e. the "form CSRF token" and the "session CSRF token". Ultimately it throws TokenMismatchException.

I want to know how I can fix this.

I don't want to use the CSRF verification exclusion, because it would be a big security issue for me not to use CSRF verification.

I am using the Form façade in a Blade template to generate the forms.

Here is the code of route.php:

    Route::get('/', function () {
        if (Auth::check()) {
            return redirect('home');
        }

        return view('pages.index');
    });

    Route::post('auth/login', 'Auth\AuthController@postLogin');
    Route::post('auth/register', 'Auth\AuthController@postRegister');
    Route::get('home', 'PageController@home')->middleware(['auth']);
    Route::get('about', 'PageController@about');

    // Authentication Routes...
    Route::get('auth/login', 'Auth\AuthController@getLogin');
    Route::get('auth/logout', 'Auth\AuthController@getLogout');

    // Registration Routes...
    Route::get('auth/register', 'Auth\AuthController@getRegister');

Auth\AuthController.php

    <?php

    namespace App\Http\Controllers\Auth;

    use App\User;
    use Validator;
    use App\Http\Controllers\Controller;
    use Illuminate\Foundation\Auth\ThrottlesLogins;
    use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;

    class AuthController extends Controller
    {
        // getLogin/postLogin, getRegister/postRegister and getLogout
        // are provided by this trait; the controller only supplies
        // the validator and the user factory below.
        use AuthenticatesAndRegistersUsers, ThrottlesLogins;

        /**
         * Where to redirect users after login or registration.
         *
         * @var string
         */
        protected $redirectTo = '/home';

        /**
         * Create a new authentication controller instance.
         *
         * @return void
         */
        public function __construct()
        {
            $this->middleware('guest', ['except' => 'getLogout']);
        }

        /**
         * Get a validator for an incoming registration request.
         *
         * @param  array  $data
         * @return \Illuminate\Contracts\Validation\Validator
         */
        protected function validator(array $data)
        {
            return Validator::make($data, [
                'FirstName'   => 'required|max:255',
                // create() reads $data['surname'], so it has to be validated too.
                'surname'     => 'required|max:255',
                'Gender'      => 'required|in:Male,Female,Trans',
                'DateOfBirth' => 'required|date|before:today',
                'email'       => 'required|email|max:255|unique:users,email',
                'password'    => 'required|min:6',
                // The repeat-password input is named "confirmed" in the form, so
                // same:password is used instead of the "confirmed" rule (which
                // would look for a field called password_confirmation).
                'confirmed'   => 'required|same:password',
            ]);
        }

        /**
         * Create a new user instance after a valid registration.
         *
         * @param  array  $data
         * @return User
         */
        protected function create(array $data)
        {
            return User::create([
                'FirstName'   => $data['FirstName'],
                'Surname'     => $data['surname'],
                'DateOfBirth' => $data['DateOfBirth'],
                'email'       => $data['email'],
                'password'    => bcrypt($data['password']),
                'Gender'      => $data['Gender'],
            ]);
        }
    }

loginsignup.blade.php

    <div class="w3-container">
        <div class="w3-row w3-padding-top w3-right">
            <div class="col left">
                <h3>Create an account</h3>
                <h5>It's free and always will be.</h5>
                {{-- Form::open() adds the hidden _token field for VerifyCsrfToken --}}
                {!! Form::open(array('url'=>'auth/register','method'=>'POST','id'=>'formRegister')) !!}
                    <div class="w3-group">
                        <input type="text" class="w3-input register" id="FirstName" name="FirstName" required>
                        <label class="w3-label w3-text-theme">First Name</label>
                    </div>
                    <div class="w3-group">
                        <input type="text" class="w3-input register" id="surname" name="surname" required>
                        <label class="w3-label w3-text-theme">Surname</label>
                    </div>
                    <div class="w3-group">
                        <input type="date" class="w3-input register" id="DateOfBirth" name="DateOfBirth" required>
                        <label class="w3-label w3-text-theme">Date of Birth</label>
                    </div>
                    <div class="w3-group">
                        <input type="text" class="w3-input register" id="email" name="email" required>
                        <label class="w3-label w3-text-theme">Email</label>
                    </div>
                    <div class="w3-group">
                        <input type="password" class="w3-input register" id="password" name="password" required>
                        <label class="w3-label w3-text-theme">New password</label>
                    </div>
                    <div class="w3-group">
                        <input type="password" class="w3-input register" id="confirmed" name="confirmed" required>
                        <label class="w3-label w3-text-theme">Re-enter password</label>
                    </div>
                    <label class="w3-checkbox w3-text-theme">
                        <input type="radio" name="Gender" value="Male" checked>
                        <span class="w3-checkmark"></span> Male
                    </label>&nbsp;&nbsp;&nbsp;
                    <label class="w3-checkbox w3-text-theme">
                        <input type="radio" name="Gender" value="Female">
                        <span class="w3-checkmark"></span> Female
                    </label>&nbsp;&nbsp;&nbsp;
                    <label class="w3-checkbox w3-text-theme">
                        <input type="radio" name="Gender" value="Trans">
                        <span class="w3-checkmark"></span> Trans
                    </label>
                    <br><br>
                    <button type="submit" class="w3-btn w3-theme"> Create an account </button>
                {!! Form::close() !!}
            </div>
            <div class="col right">
                <button class="btn facebook" data-provider="facebook"><i></i><span>Facebook</span></button>
                <button class="btn twitter" data-provider="twitter"><i></i><span>Twitter</span></button>
                <button class="btn plus" data-provider="google plus"><span class="i"><i></i></span><span>Google Plus</span></button>
                <h3>Sign In</h3>
                {{-- ids prefixed with "login-" so they do not collide with the register form on the same page --}}
                {!! Form::open(array('url'=>'auth/login','method'=>'POST','id'=>'formLogin')) !!}
                    <div class="w3-group">
                        <input type="email" class="w3-input" id="login-email" name="email" required>
                        <label class="w3-label w3-text-theme">Email or phone</label>
                    </div>
                    <div class="w3-group">
                        <input type="password" class="w3-input" id="login-password" name="password" required>
                        <label class="w3-label w3-text-theme">Password</label>
                    </div>
                    <label class="w3-checkbox">
                        <input type="checkbox" id="remember" name="remember">
                        <div class="w3-checkmark"></div> Stay Logged In
                    </label>
                    <div class="w3-group"><a href="password/email"> Forgot Your Password ?</a></div>
                    <button id="signInSubmit" type="submit" class="w3-btn w3-theme">Submit</button>
                {!! Form::close() !!}
            </div>
        </div>
    </div>

Steps I followed and analysis of the problem

This is when I first opened http://localhost:8000 (screenshot not included)

After sending the form using a POST request (screenshot not included)


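The GET-then-POST round trip the question describes, traced in a stand-alone script. This is an added example, not code from the question and not Laravel's own source: it re-implements in plain PHP (7 or later, for random_bytes) what Laravel 5.1's StartSession and VerifyCsrfToken middleware and Form::open() do together. An in-memory array stands in for storage/framework/sessions/, laravel_session is Laravel's default session cookie name, and the function names and the exception message are the example's own.

```php
<?php
// Added example, not from the question or from Laravel's source: a minimal
// re-implementation of what Laravel 5.1's StartSession and VerifyCsrfToken
// middleware and Form::open() do together, so the GET/POST round trip from
// the question can be traced without a running app. Needs PHP 7 (random_bytes).
// Run: php csrf_demo.php

class TokenMismatchException extends Exception {}

// In-memory stand-in for storage/framework/sessions/: session id => data.
$sessions = [];

// StartSession: reuse the session named by the cookie, otherwise start a new
// one (a new file on disk, a new id, and later a new token).
function startSession(array &$sessions, array $cookies)
{
    $id = isset($cookies['laravel_session']) ? $cookies['laravel_session'] : null;
    if ($id === null || !isset($sessions[$id])) {
        $id = bin2hex(random_bytes(20));
        $sessions[$id] = [];
    }
    return $id;
}

// Session::token(): lazily create a 40-char CSRF token and keep it in the session.
function sessionToken(array &$sessions, $id)
{
    if (!isset($sessions[$id]['_token'])) {
        $sessions[$id]['_token'] = bin2hex(random_bytes(20));
    }
    return $sessions[$id]['_token'];
}

// GET /auth/login: render the form. Form::open() emits the hidden _token field;
// the response also carries the Set-Cookie the browser must send back later.
function getLogin(array &$sessions, array $cookies)
{
    $id    = startSession($sessions, $cookies);
    $token = sessionToken($sessions, $id);
    $html  = '<form method="POST" action="/auth/login">'
           . '<input name="_token" type="hidden" value="' . htmlspecialchars($token) . '">'
           . '</form>';
    return ['set_cookie' => ['laravel_session' => $id], 'body' => $html];
}

// VerifyCsrfToken::tokensMatch(): session token vs the _token field
// (or the X-CSRF-TOKEN header for AJAX), compared in constant time.
function verifyCsrf(array &$sessions, $id, array $post, array $headers)
{
    $sessionToken = sessionToken($sessions, $id);
    $token = isset($post['_token']) ? $post['_token']
           : (isset($headers['X-CSRF-TOKEN']) ? $headers['X-CSRF-TOKEN'] : null);
    if (!is_string($token) || !hash_equals($sessionToken, $token)) {
        throw new TokenMismatchException('session token != form token');
    }
}

// POST /auth/login through the middleware stack: StartSession, then VerifyCsrfToken.
function postLogin(array &$sessions, array $cookies, array $post, array $headers = [])
{
    $id = startSession($sessions, $cookies);
    verifyCsrf($sessions, $id, $post, $headers);
    return 'login handler reached, session ' . substr($id, 0, 8) . '...';
}

// Pull the hidden field back out of the rendered form, as a browser would.
function extractToken($html)
{
    preg_match('/name="_token" type="hidden" value="([0-9a-f]{40})"/', $html, $m);
    return $m[1];
}

// Case 1: a client that stores the cookie and sends it back (a normal browser).
$page    = getLogin($sessions, []);
$cookies = $page['set_cookie'];
$post    = ['_token' => extractToken($page['body']), 'email' => 'a@b.test', 'password' => 'x'];
echo "with cookie:    ", postLogin($sessions, $cookies, $post), "\n";

// Case 2: the same form POSTed without the session cookie. StartSession writes a
// second session with its own token: the two session files with different
// tokens seen in the question, ending in TokenMismatchException.
try {
    postLogin($sessions, [], $post);
} catch (TokenMismatchException $e) {
    echo "without cookie: TokenMismatchException (", $e->getMessage(), ")\n";
}
echo "sessions created: ", count($sessions), "\n";   // 2: one per request without a cookie
```

The script prints one line per case and then the number of sessions it had to create. The point for debugging the setup in the question: a second session file appearing on the POST means the client did not send the laravel_session cookie back, so the place to look is the Set-Cookie header on the GET response and the Cookie header on the POST (cookie domain and path, the secure flag from config/session.php on a plain-http site, and the session driver configuration), not the $except list in App\Http\Middleware\VerifyCsrfToken.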
Solution

  • I found the answer myself. Actually it's not a problem. It happens when a session has been generated for the system after being logged in.

    You need to log out from the application.

    That's it.