PHP Tutorial: PayPal Instant Payment Notification (IPN) | Geekalityphp - Laravel 4 - Illuminate \ Session \ TokenMismatchException - Stack Overflow
to customize your list.
Join the Stack Overflow Community
Stack Overflow is a community of 6.6 million programmers, just like you, helping each other.
J it only takes a minute:
I'm trying to log-in into the application.
I got this error
Route::post('/login','AuthController@postLogin');
I've tried
dd('HERE') inside the controller, I don't see anything print out.
I've not work on Laravel 4 project for a while now, what should I look in order to by pass this error ?
7,265103579
first use the a filter that passed the correct csrf_token
Route::post('register', array('before' =& 'csrf'));
then add the input token in your form submit
&input type="hidden" name="_token" value="&?php echo csrf_token(); ?&
Your Answer
Sign up or
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Post as a guest
By posting your answer, you agree to the
Not the answer you're looking for?
Browse other questions tagged
rev .24712
Stack Overflow works best with JavaScript enabledHTTP路由实例教程（三）—— CSRF攻击原理及其防护
这篇文章对我很有帮助
这篇文章对我很有帮助
学院君 has written
资深PHP工程师，Laravel学院院长laravel TokenMismatchException in ajax request [laravel tokenmismatchexception Ajax请求] - 问题-字节技术
laravel TokenMismatchException in ajax request
laravel tokenmismatchexception Ajax请求
问题 (Question)
i'm using resource group and use this filter to resolve TokenMismatchException problem:
Route::filter('csrf', function($route, $request) {
if (strtoupper($request -& getMethod()) === 'GET') {
// get requests are not CSRF protected
$token = $request -& ajax() ? $request -& header('X-CSRF-Token') : Input::get('_token');
if (Session::token() != $token) {
throw new Illuminate\Session\TokenMismatchE
my route :
Route::group(array('prefix'=& 'admin', 'before' =& 'csrf'), function(){
Route::resource('profile' , 'ProfileController', array('as'=&'profile') );
now. i get error to Ajax requests such as this code:
&script type="text/javascript"&
$(document).ready(function() {
$('#frm').submit(function(e){
e.preventDefault();
= $('#name').val();
= $('#family').val();
= $('#email').val();
currPassword = $('#currPassword').val();
= $('#password').val();
password_confirmation = $('#password_confirmation').val();
$.post("{{ route('admin.profile.update', $profile-&id) }}",
_method : 'PUT',
currPassword
: currPassword,
: password,
password_confirmation : password_confirmation
function(data)
alert(data.errors.name);
},'json');
{"error":{"type":"Illuminate\\Session\\TokenMismatchException","message":"","file":"\/var\/www\/alachiq\/app\/filters.php","line":83}}
i think i'm must be sent _token in $.post. but i can not get input tag with name attribute. iget this error:
TypeError: 'stepUp' called on an object that does not implement interface HTMLInputElement.
我使用的资源组和使用该滤波器来解决TokenMismatchException问题：Route::filter('csrf', function($route, $request) {
if (strtoupper($request -& getMethod()) === 'GET') {
// get requests are not CSRF protected
$token = $request -& ajax() ? $request -& header('X-CSRF-Token') : Input::get('_token');
if (Session::token() != $token) {
throw new Illuminate\Session\TokenMismatchE
我的路线：Route::group(array('prefix'=& 'admin', 'before' =& 'csrf'), function(){
Route::resource('profile' , 'ProfileController', array('as'=&'profile') );
现在天气我得到错误给Ajax请求这样的代码：&script type="text/javascript"&
$(document).ready(function() {
$('#frm').submit(function(e){
e.preventDefault();
= $('#name').val();
= $('#family').val();
= $('#email').val();
currPassword = $('#currPassword').val();
= $('#password').val();
password_confirmation = $('#password_confirmation').val();
$.post("{{ route('admin.profile.update', $profile-&id) }}",
_method : 'PUT',
currPassword
: currPassword,
: password,
password_confirmation : password_confirmation
function(data)
alert(data.errors.name);
},'json');
错误：{"error":{"type":"Illuminate\\Session\\TokenMismatchException","message":"","file":"\/var\/www\/alachiq\/app\/filters.php","line":83}}
我想我必须发送_token在$.post。但我不能得到input标签name属性。我这个错误：TypeError: 'stepUp' called on an object that does not implement interface HTMLInputElement.
最佳答案 (Best Answer)
You have to insert a hidden input with the _token and later get that value as you do to get the other form fields in your ajax post.
&input type="hidden" name="_token" value="{{ csrf_token() }}" /&
An another method,
On your view you can set an object with the _token
&script type="text/javascript"&
var _globalObj = {{ json_encode(array('_token'=& csrf_token())) }}
and later on your ajax call you can get the _token from the object like this:
var token = _globalObj._
and include it on your ajax post.
你必须插入一个隐藏的输入与_token后来得到的值作为你在你的Ajax后得到其他形式的领域。&input type="hidden" name="_token" value="{{ csrf_token() }}" /&
另一种方法，你的观点可以用_token对象集&script type="text/javascript"&
var _globalObj = {{ json_encode(array('_token'=& csrf_token())) }}
后来你的Ajax调用可以从对象得出这样的_token：var token = _globalObj._
包括在您的Ajax后。
本文翻译自StackoverFlow，英语好的童鞋可直接参考原文：