Using Laravel Spark (or any Laravel login form with CSRF protection), if a user leaves the login page open for a period of time (like, say, leaving the window open at work and returning to it later) and then attempts to login, they're presented with an error.
Whoops, looks like something went wrong.
(1/1) TokenMismatchException in VerifyCsrfToken.php (line 68)
This makes sense, as CSRF tokens are date/time sensitive. However, the user experience here is less than ideal.
Before we go reinventing the wheel. Is there any Laravel Standard Practice™ for providing a better user experience around this? Or does everyone just roll their own CSRF middleware/middlewares that fails in a more friendly way?
This is changing in Laravel 5.5. The TokenMismatchException is now producing a more elegant error page informing the user that the page has expired due to inactivity and advising them to refresh and try again.
So what you're doing is probably the Laravel Standard Practice™ now :)
来源:https://stackoverflow.com/questions/45575735/laravel-spark-csrf-failure-on-login-page