3

I followed this tutorial on creating a registration and login page using Laravel.

Everything works smoothly, the only issue is that I am unable to Login. If I provide the wrong username/password, it correctly gives me an error message. But if I use the right credentials, I get the following error -

Illuminate \ Session \ TokenMismatchException

This is my (default) csrf function -

Route::filter('csrf', function()
{
    if (Session::token() != Input::get('_token'))
    {
        throw new Illuminate\Session\TokenMismatchException;
    }
});

This is the form action -

{{ Form::open(array('url'=>'signin', 'class'=>'form-signin')) }}

And this is the relevant portion of my UsersController

public function __construct() {
$this->beforeFilter('csrf', array('on'=>'post'));
$this->beforeFilter('auth', array('only'=>array('getDashboard')));

}
public function postSignin() {
       if (Auth::attempt(array('email'=>Input::get('email'), 'password'=>Input::get('password')))) {
            return Redirect::to('dashboard')->with('message', 'You are now logged in!');
        } else {
            return Redirect::to('login')
            ->with('message', 'Your username/password combination was incorrect')
            ->withInput();
    }  
}

public function getDashboard() {
    $this->layout->content = View::make('users.dashboard');
}
Laurence
  • 58,936
  • 21
  • 171
  • 212
Sainath Krishnan
  • 2,089
  • 7
  • 28
  • 43

6 Answers6

4

Laravel makes a quite esoteric use of sessions, and when the user cookie and the user salt in stored in the database disalign for some reason (for example, when you re-seed your user table), you get a Token Mismatch Exception without further explanation.

If that's the case, just delete your cookies.

tacone
  • 11,371
  • 8
  • 43
  • 60
1

I had this problem on login also. From time to time this exception occurred so I stop and tried to reproduce it. I succeed by doing this:

First I load the login page.

Then I deleted the cookies.

Then, without reloading the login page, I entered username and password and tried to login.

Because session was deleted (when I deleted the cookies), it was normal that this code was not going to pass and it will throw the TokenMismatchException.

Route::filter('csrf', function() {
    if ( Session::getToken() != Input::get('_token')) {
        throw new Illuminate\Session\TokenMismatchException;
    }
});

So, what I've done to solve my problem was to add a redirect to login page with a message to inform the user that the session might expired.

Route::filter('csrf', function() {
    if ( Session::getToken() != Input::get('_token')) {
        return Redirect::to('/admin/login')->with('warning', 'Your session has expired. Please try logging in again.');
    }
});

Thus, after page reloading, a new session is created and the problem is solved.

Radu Pacurar
  • 36
  • 3
1

/config/session.php set that info 'expire_on_close' => true, save and load again ur site you wont get anymore the issue with Token Mismatch Exception on Login

creed06
  • 11
  • 1
1

Check your route:list to see if Login is protected by web middleware. In my case, I made mistake by adding web middileware to login route where it should be guest middleware.

Phạm Tiến Thành
  • 11
  • 1
0

I had this problem, it was caused by no free disk space.

Get some space and try to login again.

Vítor Ávila
  • 11
  • 3
0

I added the following code to app\Exceptions\Handler.php to help clarify the error for the end-user, in addition to setting session to expire on close, as mentioned in this thread.

    protected function prepareException(Exception $exception)
    {
        if ($exception instanceof TokenMismatchException) {
            return new HttpException(
                419,
                "{$exception->getMessage()}. Please clear your browser cookies and try again.",
                $exception
            );
        }

        return parent::prepareException($exception);
    }
mike.bronner
  • 1,203
  • 1
  • 20
  • 39