I created a webshop using Laravel and everything has been going smoothly until recently I started getting TokenMismatchExceptions.
The users are able to log in without any problems. The issue occurs whenever a user tries to add an item to the shopping-cart. I didn't really change anything on the page, and it seems that this started to occur by itself. The only thing I did to the server was clearing the cache. Could this cause the issue to occur?
All my controllers start with:
public function __construct() {
    parent::__construct();
    $this->beforeFilter('csrf', array('on'=>'post'));
}
My sessions config is set up like this:
/*
|--------------------------------------------------------------------------
| Default Session Driver
|--------------------------------------------------------------------------
|
| This option controls the default session "driver" that will be used on
| requests. By default, we will use the lightweight native driver but
| you may specify any of the other wonderful drivers provided here.
|
| Supported: "file", "cookie", "database", "apc",
| "memcached", "redis", "array"
|
*/
'driver' => 'file',
/*
|--------------------------------------------------------------------------
| Session Lifetime
|--------------------------------------------------------------------------
|
| Here you may specify the number of minutes that you wish the session
| to be allowed to remain idle before it expires. If you want them
| to immediately expire on the browser closing, set that option.
|
*/
'lifetime' => 15,
'expire_on_close' => false,
Am I using the csrf filter wrong? I can't seem to find a solution to this issue.
-EDIT-
I tried taking off my csrf filters from the controllers, and now the user gets automatically logged off when adding an item to the shopping-cart (I guess this is the problem).
I use Laravel Jetstream, and I would like to redirect the user to a specific route /admin/produit after login.
change this line in RouteServiceProvider.php
public const HOME = '/';
to
public const HOME = '/admin/produit';
Laravel Fortify is what is used in Jetstream, you can change the default location of redirects after login in your config/fortify.php
/*
|--------------------------------------------------------------------------
| Home Path
|--------------------------------------------------------------------------
|
| Here you may configure the path where users will get redirected during
| authentication or password reset when the operations are successful
| and the user is authenticated. You are free to change this value.
|
*/
'home' => RouteServiceProvider::HOME,
Alternatively you can set this during runtime with Config::set("fortify.home").
Furthermore, if you need really complex behavior, you can change the entire Fortify Response class:
https://talltips.novate.co.uk/laravel/laravel-8-conditional-login-redirects
I have a problem with hiding the programming language (Laravel 5.5) of my website.
I tried a lot of different ways but did not get any result.
I changed my session config/session.php:
'cookie' => env(
'SESSION_COOKIE',
str_slug(env('APP_NAME', 'laravel'), '_').'_session'
),
but it hasn't worked.
If you do not want to show the programming language of your Website in Chrome extensions then you have to change the setting in php.ini
change expose_php = On
to
expose_php = off
You can also tweak it in your .htaccess.
Hope it helps.
You may need this basically for security reasons. When somebody installs this plugin (https://wappalyzer.com/download) in the browser, s/he can see all the frameworks and JavaScript libraries, among other things.
So to hide the framework name from the plugin, just go into the config/session.php file and edit the code below:
/*
|--------------------------------------------------------------------------
| Session Cookie Name
|--------------------------------------------------------------------------
|
| Here you may change the name of the cookie used to identify a session
| instance by ID. The name specified here will get used every time a
| new session cookie is created by the framework for every driver.
|
*/
'cookie' => env(
'SESSION_COOKIE',
str_slug(env('APP_NAME', 'yourname_that_you_want_to_add'), '_').'_session'
),
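Added example, not part of the original answers: a POSIX shell check that confirms both changes above took effect, by scanning response headers for `X-Powered-By` (sent by PHP while `expose_php` is on) and for the default `laravel_session` cookie name. The function name and the sample headers are constructed for illustration; for your own site, pipe in the output of `curl -sI`.

```shell
#!/bin/sh
# Added example: audit raw HTTP response headers for stack fingerprints.

# Reads raw headers on stdin and prints one finding per line.
# Exit status: 0 = nothing flagged, 1 = at least one finding.
audit_headers() {
    tr -d '\r' | awk '
        {
            value = $0
            sub(/^[^:]*:[ \t]*/, "", value)   # header value without its name
        }
        tolower($0) ~ /^x-powered-by:/ {      # present while expose_php = On
            print "X-Powered-By: " value
            found = 1
        }
        tolower($0) ~ /^set-cookie:/ {
            name = value
            sub(/=.*/, "", name)              # cookie name is the text before "="
            if (name == "laravel_session") {  # name produced when APP_NAME is unset
                print "Set-Cookie: " name
                found = 1
            }
        }
        END { exit found ? 1 : 0 }
    '
}

# Constructed sample responses (not captured from a real site).
BEFORE='HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
x-powered-by: PHP/7.1.33
Set-Cookie: locale=en; path=/
Set-Cookie: laravel_session=def; path=/; HttpOnly'

AFTER='HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Set-Cookie: locale=en; path=/
Set-Cookie: shop_session=def; path=/; HttpOnly'

printf '%s\n' "$BEFORE" | audit_headers || echo "=> fingerprints present"
printf '%s\n' "$AFTER" | audit_headers && echo "=> clean"
```

If the cookie is still reported after editing config/session.php, check whether `SESSION_COOKIE` or `APP_NAME` in the environment still yields the old name and whether a cached configuration is being served.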
Simple question here. In my Laravel config/session.php I have changed the lifetime value from the default 2 hours to this:
/*
|--------------------------------------------------------------------------
| Session Lifetime
|--------------------------------------------------------------------------
|
| Here you may specify the number of minutes that you wish the session
| to be allowed to remain idle before it expires. If you want them
| to immediately expire on the browser closing, set that option.
|
*/
'lifetime' => 1440,
'expire_on_close' => true,
However, even though this is what I have on my server, it still sticks to the default 2 hour session. I can verify this by seeing the cookie laravel_session which always maxes out in 2 hours.
What am I missing? Is there a separate configuration file or value I need to change to apply my new lifetime?
Edit: Well apparently you can't expect both the lifetime and the expire_on_close option to both be operating at the same time because they utilize two different types of cookies, but I still don't understand why if I have the expire_on_close set to true why my cookie is expiring in 2 hours rather than when the browsing session ends?
php artisan config:cache applies changes to the configuration files!
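Added example, not part of the original answer: a shell check for the situation described above, where the session settings in the file are not the ones being enforced because an older cached configuration is still in use. It assumes the Laravel 5.1+ layout, in which `php artisan config:cache` writes bootstrap/cache/config.php (the post does not state its version); the function name and the demo tree are constructed.

```shell
#!/bin/sh
# Added example: detect config sources edited after the config cache was built.

# Prints the config sources that are newer than the cached config.
# $1 = application root. Exit status: 0 = no cache or cache is fresh, 1 = stale.
stale_config() {
    root=$1
    cache="$root/bootstrap/cache/config.php"   # assumed default cache path
    # Without a cache file the framework reads config/*.php on every request.
    [ -f "$cache" ] || return 0
    # env() values are frozen into the cache too, so .env counts as a source.
    stale=$(find "$root/config" "$root/.env" -type f -newer "$cache" 2>/dev/null) || true
    if [ -n "$stale" ]; then
        printf '%s\n' "$stale"
        return 1
    fi
    return 0
}

# Constructed demo tree: session.php edited one day after the cache was built.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/config" "$demo_root/bootstrap/cache"
touch -t 202001010000 "$demo_root/config/app.php"
touch -t 202001020000 "$demo_root/bootstrap/cache/config.php"
touch -t 202001030000 "$demo_root/config/session.php"

if stale_config "$demo_root"; then
    echo "cached config is current"
else
    echo "=> rebuild with: php artisan config:cache"
fi
```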
Sometimes when I make changes to the CSS, the HTML contents or maybe the controllers, I refresh many times but the change is not applied in the app and it still looks like before. Has anyone faced this problem? How can I solve this issue?
If you're not using PSR-4 autoloading, you'll need to reflect new controllers with $ composer dump-autoload -o (note the -o optimises the class-mapping).
Other than that, are you behind any caching drivers?
For good measure, change the following in your development cache config (\app\config\development\cache.php) (Don't have a development folder? Read this) as well:
<?php
return array(
/*
|--------------------------------------------------------------------------
| Default Cache Driver
|--------------------------------------------------------------------------
|
| This option controls the default cache "driver" that will be used when
| using the Caching library. Of course, you may use other drivers any
| time you wish. This is the default when another is not specified.
|
| Supported: "file", "database", "apc", "memcached", "redis", "array"
|
*/
'driver' => 'file',
);
Laravel will store all your cache files in the following folder: app\storage\cache and view caches in: app\storage\view. Clear both when necessary.
When we receive mail from our website, through CodeIgniter first then Google Apps (mailer) - the date in the header is 7 hours behind the real time.
We've checked the server time, and it is correctly set.
Has anyone experienced this problem?
Thanks!
It may have something to do with this setting in system/application/config/config.php:
/*
|--------------------------------------------------------------------------
| Master Time Reference
|--------------------------------------------------------------------------
|
| Options are "local" or "gmt". This pref tells the system whether to use
| your server's local time as the master "now" reference, or convert it to
| GMT. See the "date helper" page of the user guide for information
| regarding date handling.
|
*/
$config['time_reference'] = 'local';