CSRF and expired login forms

How to handle a page with a login form that will expire


Last updated 1 year ago


If your homepage contains a login form, or a modal with a login form, then once the session ends (by default, after 2 hours) the CSRF token is no longer valid, and the user sees a "page expired" warning after they have filled out their login details.

We can work around this with a simple addition to the <head> of the main layout template.

<meta http-equiv="refresh" content="{{ config('session.lifetime') * 60 }}">

This simple line will refresh the page when it gets to the end of the session. The refreshed page will have a new session and a new CSRF token. This way, your login form is always valid.

If the user interacts with the site and loads other pages, this refresh will never happen, since the timeout is reset each time a page is loaded.

For logged-in users, the page will refresh after the session lifetime and they will be returned to the same page. However, they will no longer be authorised, so they will be redirected according to how the auth middleware is configured.

There is a very small chance that the user goes away, comes back after 1 hour 59 minutes and starts to fill out the login form, and the page refreshes part of the way through. This would be a very unlikely coincidence, and the user would be no worse off than if the form was stale and failed after they pressed login.

Note that this reload will cause some small additional view count in your analytics.
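The workaround only behaves as described when the refresh delay equals the session lifetime in seconds, so the rendered page is worth checking. The following is an added example, not code from the original page: it audits rendered HTML for a form carrying Laravel's hidden `_token` field and compares the meta refresh delay with the session lifetime. The function names, status labels and sample HTML are assumptions made for illustration.

```javascript
// Added example: audit rendered HTML for the meta-refresh workaround.
// Function names and status labels are hypothetical; sample HTML is constructed.

// Parse the quoted attributes of one HTML tag into a lower-cased key/value map.
function attrs(tag) {
  const out = {};
  for (const m of tag.matchAll(/([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/g)) {
    out[m[1].toLowerCase()] = m[2] !== undefined ? m[2] : m[3];
  }
  return out;
}

// Return the refresh delay in seconds, or null if no usable refresh tag exists.
function refreshSeconds(html) {
  for (const tag of html.match(/<meta\b[^>]*>/gi) || []) {
    const a = attrs(tag);
    if ((a['http-equiv'] || '').toLowerCase() !== 'refresh') continue;
    const m = /^\s*(\d+)/.exec(a.content || ''); // content may be "7200; url=/"
    if (m) return Number(m[1]);
  }
  return null;
}

// True when the page carries the hidden _token input that @csrf renders.
function hasCsrfField(html) {
  return (html.match(/<input\b[^>]*>/gi) || []).some((t) => attrs(t).name === '_token');
}

// Compare the refresh delay with the session lifetime (minutes, as in session.lifetime).
function auditPage(html, lifetimeMinutes) {
  if (!hasCsrfField(html)) return 'no-csrf-form';
  const refresh = refreshSeconds(html);
  const lifetime = lifetimeMinutes * 60;
  if (refresh === null) return 'missing-refresh';         // token can go stale
  if (refresh < lifetime) return 'refresh-before-expiry'; // reload resets the session timeout
  if (refresh > lifetime) return 'stale-window';          // form is stale until the reload
  return 'ok';
}

// Constructed sample: rendered output of the template line for a 120-minute lifetime.
const SAMPLE_OK = `<head><meta http-equiv="refresh" content="7200"></head>
<form method="POST" action="/login">
  <input type="hidden" name="_token" value="CONSTRUCTED-TOKEN">
</form>`;

console.log(auditPage(SAMPLE_OK, 120));
```

A `refresh-before-expiry` result matters for logged-in users: a reload that happens while the session is still alive resets the timeout, so an open tab would keep the session from ever expiring.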
