Friday, 15 April 2011

ajax - CSRF _token value refresh in a login form -


I have a login form with Ajax In a specific case, after logging in user, let me call them Logging out with Auth :: logout () and displaying an additional modal box is required. It all happens with the page reload.

When login modal is opened and resubmitted, I get a token mismatch error . The reason for this is that in the logout, the use of session :: flush () is used. After this, the _token session variable is refreshed, while the _token input in the login code remains the same (due to lack of due to page reload).

How can I refresh the CSRF _token in the entry form, so it refreshes the session in a safe way?

When your entry is entered through ajax, your server may be able to respond to some type of feedback Is sending back so that the login to the browser can be successful. You should send back the new CSRF token with this feedback so that you can update the form client-side (with Javascript).

To provide more details (how to update the form field, for example) we will need to see more of your code.


No comments:

Post a Comment