CSRF token mismatch after session timeout
denis-ionov opened this issue · 0 comments
denis-ionov commented
Question: is there any way to refresh the CSRF token automatically (without refreshing the page) after the session expires?
Echo setup:
```js
main.config.globalProperties.$echo = new Echo({
    broadcaster: 'socket.io',
    csrfToken: document.querySelector('meta[name="csrf-token"]')?.getAttribute('content') ?? '',
    key: document.querySelector('meta[name="broadcasting"]')?.getAttribute('content') ?? '',
    host: `${window.location.hostname}:6001`,
    withCredentials: true,
    path: '/ws/',
    auth: {
        headers: {
            Referer: window.location.hostname,
        },
    },
});
```
Open the page, wait until the session expires, and try to broadcast something. I got this error:
```
[8:26:38 AM] - dTq1ClUbWthkSvB4mmdw could not be authenticated to private-app.1
2023-03-21 12:26:38 {
2023-03-21 12:26:38 "message": "CSRF token mismatch.",
2023-03-21 12:26:38 "exception": "Symfony\\Component\\HttpKernel\\Exception\\HttpException",
2023-03-21 12:26:38 "file": "/var/www/flikto/vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Handler.php",
2023-03-21 12:26:38 "line": 383,
2023-03-21 12:26:38 "trace": [
...
```