HttpException when deleting session storage after logout

174 views Asked by At

I'm experiencing a bug where if I log out and then delete the session from the framework storage, it is throwing the following:

"message": "",
"exception": "Symfony\\Component\\HttpKernel\\Exception\\HttpException",
"file": "C:\\wamp64\\www\\leadbind\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Exceptions\\Handler.php",
"line": 203,

This is frustrating because it gives no indication as to what the issue is. Other than this bug, my login/logout works flawlessly.

Why is this happening? I am also using the AuthenticateSession middleware. This is an issue because when someone re-opens their browser after 2 hours and tries to log in they get this error every time.

Edit: upon further investigation, it looks like this is due to a TokenMismatchException. Why is this happening at all?

1

There are 1 answers

0
jlos On

TokenMismatchExceptions happen when your CSRF has outlived it's time. This is to counter malicious content of being sent to your web application when someone got a hold of the CSRF token because the page was still open for example. You can checkout Laravel Caffeine on how to make those tokens refresh easily or refresh the page yourself in the front-end when receiving such an error.

This error happens a lot on all sorts of web applications, you'll probably have had the message "this page has been open for too long" or "please refresh" or getting a "log in" pop-up after you've left the application open for a night or so. Those mechanisms are (sometimes) because of the application needing a fresh token.