Laravel catch TokenMismatchException
You can handle the TokenMismatchException in App\Exceptions\Handler.php:
    <?php

    namespace App\Exceptions;

    use Exception;
    use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
    use Illuminate\Session\TokenMismatchException;

    class Handler extends ExceptionHandler
    {
        /**
         * A list of the exception types that should not be reported.
         *
         * @var array
         */
        protected $dontReport = [
            'Symfony\Component\HttpKernel\Exception\HttpException'
        ];

        /**
         * Report or log an exception.
         *
         * This is a great spot to send exceptions to Sentry, Bugsnag, etc.
         *
         * @param  \Exception  $e
         * @return void
         */
        public function report(Exception $e)
        {
            return parent::report($e);
        }

        /**
         * Render an exception into an HTTP response.
         *
         * @param  \Illuminate\Http\Request  $request
         * @param  \Exception  $e
         * @return \Illuminate\Http\Response
         */
        public function render($request, Exception $e)
        {
            if ($e instanceof TokenMismatchException) {
                // Redirect to a form. Here is an example of how I handle mine
                return redirect($request->fullUrl())->with('csrf_error', "Oops! Seems you couldn't submit form for a long time. Please try again.");
            }

            return parent::render($request, $e);
        }
    }
A Better Laravel 5 Solution
In App\Exceptions\Handler.php, return the user to the form with a new, valid CSRF token so they can resubmit it without filling it in again.
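    public function render($request, Exception $e)
    {
        if ($e instanceof \Illuminate\Session\TokenMismatchException) {
            // Send the user back to the form. The submitted input is flashed to
            // the session (minus the stale token) so the fields are repopulated.
            // If the form carries passwords, add those fields to except() too.
            return redirect()
                ->back()
                ->withInput($request->except('_token'))
                ->withMessage('Your explanation message depending on how much you want to dumb it down, lol!');
        }

        return parent::render($request, $e);
    }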
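An added example, not part of the original page: a Laravel 5 Handler that builds on the redirect-back approach above by logging the rejected request, answering AJAX/JSON clients with a status code instead of a redirect, and keeping credentials out of the flashed input. The $neverFlash property, the renderTokenMismatch() helper, the field names, the csrf_error key and the 419 status are choices made for this example.

```php
<?php

namespace App\Exceptions;

use Exception;
use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
use Illuminate\Session\TokenMismatchException;
use Illuminate\Support\Facades\Log;

class Handler extends ExceptionHandler
{
    // Hypothetical property: input that must never be flashed to the session.
    // The field names are assumptions; match them to your own forms.
    protected $neverFlash = ['_token', 'password', 'password_confirmation'];

    public function render($request, Exception $e)
    {
        if ($e instanceof TokenMismatchException) {
            return $this->renderTokenMismatch($request);
        }

        return parent::render($request, $e);
    }

    // Hypothetical helper: one place that decides how a rejected request is answered.
    protected function renderTokenMismatch($request)
    {
        // Keep a record of the rejection. Most mismatches are expired sessions,
        // but a burst from one client or an unexpected Referer deserves a look.
        Log::warning('CSRF token mismatch', [
            'ip'      => $request->ip(),
            'method'  => $request->method(),
            'path'    => $request->path(),
            'referer' => $request->headers->get('referer'),
        ]);

        // Script clients cannot follow a redirect back to a form, so give
        // them a status code they can react to (for example, reload the page).
        if ($request->ajax() || $request->wantsJson()) {
            return response()->json(['error' => 'token_mismatch'], 419);
        }

        // Browser form posts: back to the form with the non-sensitive input.
        return redirect()->back()
            ->withInput($request->except($this->neverFlash))
            ->with('csrf_error', 'Your session expired. Please submit the form again.');
    }
}
```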
I also really like this idea:
Instead of trying to catch the exception, just redirect the user back to the same page and have them repeat the action.
Use this code in App\Http\Middleware\VerifyCsrfToken.php:
    <?php

    namespace App\Http\Middleware;

    use Closure;
    use Redirect;
    use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;

    class VerifyCsrfToken extends BaseVerifier
    {
        /**
         * The URIs that should be excluded from CSRF verification.
         *
         * @var array
         */
        protected $except = [
            //
        ];

        public function handle($request, Closure $next)
        {
            if (
                $this->isReading($request) ||
                $this->runningUnitTests() ||
                $this->shouldPassThrough($request) ||
                $this->tokensMatch($request)
            ) {
                return $this->addCookieToResponse($request, $next($request));
            }

            // redirect the user back to the last page and show error
            return Redirect::back()->withError('Sorry, we could not verify your request. Please try again.');
        }
    }