CSRF token mismatch after session timeout #611

denis-ionov · 2023-03-21T08:35:32Z

Question. Is there any way to refresh csrf token automatically (without refresh page) after session expires?

Echo setup:

main.config.globalProperties.$echo = new Echo({
  broadcaster: 'socket.io',
  csrfToken: document.querySelector('meta[name="csrf-token"]')?.getAttribute('content') ?? '',
  key: document.querySelector('meta[name="broadcasting"]')?.getAttribute('content') ?? '',
  host: `${window.location.hostname}:6001`,
  withCredentials: true,
  path: '/ws/',
  auth: {
    headers: {
      Referer: window.location.hostname,
    },
  },
});

Open page, wait until session expires and try broadcast something, got error:

[8:26:38 AM] - dTq1ClUbWthkSvB4mmdw could not be authenticated to private-app.1
2023-03-21 12:26:38 {
2023-03-21 12:26:38     "message": "CSRF token mismatch.",
2023-03-21 12:26:38     "exception": "Symfony\\Component\\HttpKernel\\Exception\\HttpException",
2023-03-21 12:26:38     "file": "/var/www/flikto/vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Handler.php",
2023-03-21 12:26:38     "line": 383,
2023-03-21 12:26:38     "trace": [
...

The text was updated successfully, but these errors were encountered:

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CSRF token mismatch after session timeout #611

CSRF token mismatch after session timeout #611

denis-ionov commented Mar 21, 2023 •

edited

CSRF token mismatch after session timeout #611

CSRF token mismatch after session timeout #611

Comments

denis-ionov commented Mar 21, 2023 • edited

denis-ionov commented Mar 21, 2023 •

edited