When I send many fast async AJAX requests (because I have a filter for a DataTable) to one of my controllers, sometimes I get a TokenMismatchException.
I rewrote the tokensMatch method of the VerifyCsrfToken middleware to check what's happening, but I can't figure it out.
    protected function tokensMatch($request) {
        $sessionToken = $request->session()->token();
        $token = $request->input('_token') ?: $request->header('X-CSRF-TOKEN');
        if (!$token && $header = $request->header('X-XSRF-TOKEN')) {
            $token = $this->encrypter->decrypt($header);
        }
        if (!is_string($sessionToken) || !is_string($token)) {
            return false;
        }
        $areEquals = hash_equals($sessionToken, $token);
        if (!$areEquals) {
            // Sometimes $sessionToken and $token are not equal.
            // $sessionToken has a different value than the current anti-CSRF token.
            dd($sessionToken." - ".$token);
        }
        return $areEquals;
    }
The problem I see is that $sessionToken is different from $token (the token I have sent in the X-CSRF-Token header).
I set this request header as follows:
    $.ajaxSetup({
        beforeSend: function (xhr, settings) {
            // Only for my domain (I have commented out this line, but it is not the cause of the issue)
            if (settings.url.indexOf(document.domain) >= 0) {
                // The #X-CSRF-TOKEN is updated every five minutes.
                // But it is not the cause of the issue either,
                // because sometimes it works, sometimes it does not (I do not understand the reason) and then it does it again (without changing the token)...
                xhr.setRequestHeader("X-CSRF-Token", $("#X-CSRF-TOKEN").val());
            }
        }
    });
By the way, I moved all the web middlewares to $middleware from $middlewareGroup... But I think this is not the cause of the issue, because before moving those middlewares it also happened...
Any idea what may be happening?
My Laravel version is 5.2.45.
via Chebli Mohamed