Does Laravel Sets A Cookie For CSRF Token
I want to get CSRF token from cookie that laravel set with XSRF-Token key. (as described here)
but I think this cookie contains something else as its length is quite larger then a normal Laravel CSRF Token.
Also, I think there is some problem with my laravel App. because it sends two set-cookie headers in response.
Here is what laravel sends in set-cookie response headers.
Set-Cookie: dsss=eyJpdiI6InFQQjdtUDN0TG1NZTNqZjZaY3MwMXc9PSIsInZhbHVlIjoiR2hzaVwvUTJlQ28yTTVqVFJUeG5QcDBINnRcLzB6VEZpXC9MSGRnQktaRHNCY0U4SFwvQ01DZ0hJYVZrcjFMT21jaE5obkpMTUVTM1Eyc0pPRzhTdkJcL2ZYUT09IiwibWFjIjoiZDI5ZGQxMjYyZjZmN2MyMjk5YzFmNmVjNDRhNjkwY2VhNGRjZjBhN2E0NWM1MTFmYjVhMjA2Y2YzYmU3ZjFiMCJ9; expires=Mon, 18-Jun-2018 08:51:39 GMT; Max-Age=7200; path=/; HttpOnly
Set-Cookie: XSRF-TOKEN=eyJpdiI6Im4ra21yZlFGRWZjZ2YrQjE5WVdUMXc9PSIsInZhbHVlIjoiRlQ0ZHFaVk9idEY2K3hEV3hxSExsZjNKZ080cjhiTFEwdGZFK3RaOGgxOSs3dHNLRmRhcThZVFwvZ3J2ZFpxdG1VYjY2UjBobzEraTNZRm1Ha1ZUeGtRPT0iLCJtYWMiOiI5YzAzNWFhMjE0ZjBiYTM4MzE2OTFkNDYyYmZlYTc4NzdjNjc1YmMxODZkYzliZTkzZDI0MjQ3NzY4YjhhMmNlIn0%3D; expires=Mon, 18-Jun-2018 08:51:39 GMT; Max-Age=7200; path=/
Also, I renamed laravel_session cookie to dsss.
I can not use meta tags to store cookies because all my html is being cached. But I can send fresh response headers.
Updated
I've renamed laravel_session back to its original name, But it still sends two set-cookie headers.
Set-Cookie: XSRF-TOKEN=eyJpdiI6IlhRRUt3SDIrUXc0UGpSRVB0b1ZBUEE9PSIsInZhbHVlIjoiMWtsckVTZ2JRWlNXaXBkWG96WFhsMG00bVFBOHMxSUFaTGEwMlZtMkZPYmdZdks4bWpKTjdURktBanhBNjhsQUZTb1BFaVNacEkySDFOQTRCTUw1RUE9PSIsIm1hYyI6IjlkNTVjODdkMTQwYTQ3ZTkxOTNjYjljZDc3NTU3MjE5MTg2OTM5ODhjOTg0YjE0ODYyZjBhNzc1YTkzOWIxZDAifQ%3D%3D; expires=Mon, 18-Jun-2018 10:37:42 GMT; Max-Age=7200; path=/
Set-Cookie: laravel_session=eyJpdiI6ImNxOTdCNkIydmFHbmlYRFVnYUdlb2c9PSIsInZhbHVlIjoiOUFWWmc5QkFGV1RrWUp6TzlNTUFaWFhhaFUyd0tyYTlFeE9XZWhRUzZ1ZnNHZTJDK3paRmtWdkNOQ1FERmVJKzNxVjZRMGRHemRjSXZMWU1sK1R6T0E9PSIsIm1hYyI6IjYyYjBlNTgwNDY0NzYxNjVlOWQ0MWE2NDFiYWU2NjI1NWUwYjY2MTAyNmYyNmZhOGU2ZGE1NDg3ZGQ1YjljMmEifQ%3D%3D; expires=Mon, 18-Jun-2018 10:37:42 GMT; Max-Age=7200; path=/; HttpOnly
Answer
As per the docs:
This cookie is primarily sent as a convenience since some JavaScript frameworks and libraries, like Angular and Axios, automatically place its value in the X-XSRF-TOKEN header.
Related Questions
- → "failed to open stream" error when executing "migrate:make"
- → October CMS Plugin Routes.php not registering
- → OctoberCMS Migrate Table
- → OctoberCMS Rain User plugin not working or redirecting
- → October CMS Custom Mail Layout
- → October CMS - How to correctly route
- → October CMS - Conditionally Load a Different Page
- → Make a Laravel collection into angular array (octobercms)
- → In OctoberCMS how do you find the hint path?
- → How to register middlewares in OctoberCMS plugin?
- → Validating fileupload(image Dimensions) in Backend Octobercms
- → OctoberCMS Fileupload completely destroys my backend
- → How do I call the value from another backed page form and use it on a component in OctoberCms