I'm using Laravel's CSRF protection on my public site. However since Laravel uses a session to maintain this, I'm worried that a user might walk away from their computer and return to a page they have previously left open, only to find ajax requests don't work. The ajax requests don't work because the session has timed out (and the token no longer validates?). If these users were "logged in" users, then I could simply redirect them back to the login page. Since they are public users, then the user is forced to refresh the page to get it back working (awkward).
还是我错了?CSRF令牌是否仍会得到Laravel的验证(即使在会话超时后,页面仍将通过令牌发送……但Laravel将如何处理它?).一个最佳的解决方案是让令牌部分基于时间戳,这样我们就可以在会话时间限制之外给出令牌的到期限制.我可以让我的CSRF token 持续2天(因此只有离开2天的用户才会返回死页).
最后,这就引出了我的问题:Where is the specific code in the Laravel framework that handles this?我目前正试图找到它.此外,是否有一个简单的替代我可以做,或者我留下来创建我自己的版本的csrf_token();
输出到我的网页,然后我需要创建我自己的路由过滤器来配合它.