Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CSRF token regenerates every few seconds #22789

Closed
edalati opened this issue Jan 15, 2018 · 2 comments
Closed

CSRF token regenerates every few seconds #22789

edalati opened this issue Jan 15, 2018 · 2 comments

Comments

@edalati
Copy link

edalati commented Jan 15, 2018
edited

  • Laravel Version: 5.5.28
  • PHP Version: 7.1.3
  • OS: Windows 10
  • Database Driver & Version: MySQL 5.7
  • Session Driver: MySQL
  • Timezone: UTC
  • Session config is the framework default.

Description:

I'm sending a post request to an existing route and redirecting back with a session message.
The csrf token regenerates every time i repeat the request or every few seconds, Making the one present in the form invalid.

Update:

A fresh laravel installation has the same problem with login form.

issue

Controller Method:

public function store(Request $request)
{
    $this->validate($request, [
        'username' => 'required'
    ]);
    $username = $request->get('username');

    // check for duplicate
    $exists= ChannelRequest::where('username', $username)
        ->where('user_id', auth()->id())->exists();
    
    if ($exists) {
        return back()->with('message', 'Duplicate request.');
    }

    auth()->user()
        ->requests()
        ->create($request->only('username'));
    
    return back()->with('message', 'Success.');
}

Form:

<form class="form-horizontal" method="POST" action="{{ route('requests.store') }}">
{{ csrf_field() }}

    <div class="form-group{{ $errors->has('username') ? ' has-error' : '' }}">
        <label for="username" class="col-md-4 control-label">Username: </label>

        <div class="col-md-6">
            <input id="username" type="username" class="form-control" name="username" value="{{ old('username') }}" autofocus dir="ltr">

            @if ($errors->has('username'))
                <span class="help-block">
                    <strong>{{ $errors->first('username') }}</strong>
                </span>
            @endif
        </div>
    </div>

    <div class="form-group">
        <div class="col-md-8 col-md-offset-4">
            <button type="submit" class="btn btn-success">
                Send
            </button>
        </div>
    </div>
</form>
@edalati edalati changed the title CSRF-TOKEN regenerates when redirecting back to a form CSRF-TOKEN Regenerates when redirecting back to a form Jan 15, 2018
@edalati edalati changed the title CSRF-TOKEN Regenerates when redirecting back to a form CSRF Token Regenerates on each request or every few seconds Jan 16, 2018
@edalati edalati changed the title CSRF Token Regenerates on each request or every few seconds CSRF token regenerates every few seconds Jan 16, 2018
@rodrigopedra
Copy link
Contributor

I had the same problem when developing in windows using the built-in serve artisan command. It was due to some security directives from my employer's company AD.

I couldn't fix it. Installing the fork for laravel valet for windows worked for me then.

@edalati
Copy link
Author

edalati commented Jan 27, 2018

I updated my PHP version to 7.1.13 and it fixed the problem.

I'll close this in a couple of days if nobody is interested but the Windows specific bug is still in there!
At least i hope it's a windows specific bug.

Thanks for the help @rodrigopedra.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@themsaid @edalati @rodrigopedra