I've noticed that when I open my app and don't do anything for like 2 hours the csrf token expires. Since the session is still valid I'd like to know if there's a best pratice to automatically refresh all csrf tokens of my forms.
I found the following for handling these exceptions https://gist.github.com/jrmadsen67/bd0f9ad0ef1ed6bb594e
However, I'd love to skip that redirect.
Is there anything wrong with creating a script that calls the backend every hour or so to fetch a new token and then refresh all _token inputs using jquery?
setInterval(function(){
// add ajax stuff here
$('input[name=_token]').val(new_token);
}, 1800000);
You should check out Laravel Caffeine.
It does exactly what you're after, by keeping forms alive and able to be submitted after being left to sit for extended periods of time.