问题
I run the php artisan make:auth command and I will explain step by step what I do after that to understand the scenario,
- Login to a new session (example.com/home)
- opened a new tab and paste the url, ie example.com/home.
- Now 2 tabs are open with the same session.
- I clicked logout from one of the tab and it works perfectly fine
- Then when I tried to logout from the other tab, it's giving me an error saying "419 Page Expired" and it is going nowhere even after reloading.
The thing is, these kind of scenarios may arise, and I don't want to see this error message, just logout after clicking logout, even if the session is expired.
Note: This issue is not because of not adding @csrf
回答1:
Well that's an obvious message you can maybe try to make a better layout for that page, but still it is good to show it so the user knows what happened. If you want to handle it differently you can try to redirect to the login page.
So in your app\Exceptions\Handler.php file within the render method add this:
if ($exception instanceof \Illuminate\Session\TokenMismatchException) {
return redirect()->route('login');
}
回答2:
IMHO you can try to modify your app/Http/Middleware/VerifyCsrfToken.php file.
Edit the the $except property with something like this:
class VerifyCsrfToken extends Middleware
{
protected $except = [
'http://example.com/logout',
];
回答3:
<a href="{{ route('logout') }}" class="dropdown-item notify-item"="event.preventDefault(); document.getElementById('logout-form').submit();">
<i class="fa fa-power-off"></i> <span>{{ __('Logout') }} </span>
</a>
<form id="logout-form" action="{{ route('logout') }}" method="POST" style="display: none;">
@csrf
</form>
You have missed the @csrf in you logout form, so only you getting Error 419
回答4:
In a Laravel 6 project, I ended up modifying the VerifyCsrfTokenMiddleware as follows
As you will see, I simply added the logout named route to list of exclusion.
I overridden the __construct function because we cannot use route() function when initializing a new variable
<?php
namespace App\Http\Middleware;
use Illuminate\Contracts\Encryption\Encrypter;
use Illuminate\Contracts\Foundation\Application;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;
class VerifyCsrfToken extends Middleware
{
/**
* Indicates whether the XSRF-TOKEN cookie should be set on the response.
*
* @var bool
*/
protected $addHttpCookie = true;
/**
* The URIs that should be excluded from CSRF verification.
*
* @var array
*/
protected $except = [
];
/**
* Create a new middleware instance.
*
* @param \Illuminate\Contracts\Foundation\Application $app
* @param \Illuminate\Contracts\Encryption\Encrypter $encrypter
* @return void
*/
public function __construct(Application $app, Encrypter $encrypter)
{
parent::__construct($app, $encrypter);
$this->except = [
route('logout')
];
}
}
来源:https://stackoverflow.com/questions/57094725/laravel-5-8-showing-419-page-expired-after-clicking-logout-from-an-already-cle