I'm using Laravel 5.4 and I need to handle an error.
Imagine a user is logged in and has opened two windows (his profile). When the user clicks logout in one window, the logout button is still there in the other window, and clicking it makes Laravel show the csrf_token error page.
My logout is not AJAX; it works by submitting a form to /logout.
How can I handle this error with a special message, or a redirect to home without the error, from the logout controller? (Not all csrf_token errors, just the ones from that controller.)
Logout form:
I submit this form with jQuery when the logout button is clicked:
    <form id="logout-form" action="/logout" method="POST" style="display: none;">
        <input type="hidden" name="_token" :value="token">
    </form>
And the logout method in the controller:
    public function logout(Request $request)
    {
        $this->guard()->logout();
        $request->session()->flush();
        $request->session()->regenerate();
        return redirect('/');
    }
In App\Exceptions\Handler.php:
Return the user to the form with a new valid CSRF token, so the page will be refreshed and the logout button will no longer exist.
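    // Needed at the top of App\Exceptions\Handler.php:
    use Illuminate\Session\TokenMismatchException;

    public function render($request, Exception $exception)
    {
        if ($exception instanceof TokenMismatchException) {
            // with() takes a key and a value; 'message' is only an example key
            return redirect()
                ->back()
                ->with('message', 'your msg');
        }

        return parent::render($request, $exception);
    }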
This will look as if the page was refreshed.
Don't replace POST with GET. It is not safe or standard.
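The handler from this answer, narrowed to the logout route as the question asks, while keeping POST and the CSRF check in place. This is an added example, not part of the original answer; it assumes Laravel 5.4's stock App\Exceptions\Handler, the POST /logout route from the question, and a flash key named status (an arbitrary choice).

```php
<?php

namespace App\Exceptions;

use Exception;
use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
use Illuminate\Session\TokenMismatchException;

class Handler extends ExceptionHandler
{
    // Keep $dontReport and report() from the stock Handler unchanged;
    // only render() differs.

    public function render($request, Exception $exception)
    {
        // Special-case only a failed CSRF check on POST /logout.
        // Every other TokenMismatchException keeps the default handling.
        if ($exception instanceof TokenMismatchException
            && $request->isMethod('post')
            && $request->is('logout')) {

            // Stale tab: the session was already ended in another window.
            if (! auth()->check()) {
                return redirect('/')
                    ->with('status', 'You are already logged out.'); // assumed flash key
            }

            // Still logged in but the token did not verify: do not log the
            // user out on an unverified request. Reload the home page so
            // the logout form is rendered again with a fresh token.
            return redirect('/')
                ->with('status', 'Your session token expired, please try again.');
        }

        return parent::render($request, $exception);
    }
}
```

The message can be shown in the home view with session('status').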
One way is to use GET for your logout. In fact, using a simple <a href="/logout">logout</a> should be sufficient. So you change your route to use GET and you can wave bye to the form.
Although there might be different opinions about the METHOD to use, truthfully, this is sufficient.
Update
Isn't there any way to manage errors just like what I said?
In my opinion, this is the best I would do for now. Otherwise, to show a special message when someone tries the logout route even though they are logged out, I will just do the following:
    public function logout(Request $request)
    {
        if (!auth()->check()) {
            return redirect('/')->with('login_error', 'You are already logged out please login again'); // message can be retrieved in session()
        }
        $this->guard()->logout();
        $request->session()->flush();
        $request->session()->regenerate();
        return redirect('/');
    }
I will still not use POST, since I am not creating any resource.
I hope this helps.