Why is my CSRF token empty when using Form::open()?

Question

I am just starting out so please forgive me. I have a solid grasp on CodeIgniter, so I understand what is going on. However, I am noticing that my CSRF token is empty w

Answer 1

The Laravel Fundamental series is for Laravel 5.0 so you have a few options. You can install Laravel 5.0 to continue with that series. In order to install L5.0, you need to run this command:

composer create-project laravel/laravel {directory} "~5.0.0" --prefer-dist

If you want to use Laravel 5.2 though (which I would recommend and Jeffrey Way will most likely release a series on this soon), there are several extra things to take into consideration.

First, put all your routes inside a "web" middleware group like this:

Route::group(['middleware' => ['web']], function () {

    // Put your routes inside here

});

In the past, there were several middlewares that ran on every request by default. In 5.2, this is no longer the case. For example, the token is stored in the session, but in 5.2, things like the "StartSession" middleware are not automatically applied. As a result, the "web" middleware need to be applied to your routes. The reason for this change in 5.2:

Middleware groups allow you to group several route middleware under a single, convenient key, allowing you to assign several middleware to a route at once. For example, this can be useful when building a web UI and an API within the same application. You may group the session and CSRF routes into a web group, and perhaps the rate limiter in the api group.

Also, in the Laravel Fundamental series, Jeffrey pulls in the "illuminate/html" package, but now, most people use the laravel collective package. They handle a lot of the Laravel packages that are taken out of the core. As a result, I would remove the "illuminate/html" package. In your composer.json file, remove "illuminate/html: 5.0" (or whatever is in the require section). Also, remove the corresponding service provider and form facades that you added to your config/app.php file.

To install the laravel collective version, add this in your composer.json file instead: "laravelcollective/html": "5.2.*-dev". Then, run composer update. Once that's done, in your config/app.php file, add this to your providers array:

Collective\Html\HtmlServiceProvider::class,

and add this to your aliases array:

'Form' => Collective\Html\FormFacade::class,
'Html' => Collective\Html\HtmlFacade::class,

I hope I'm not missing anything else.

Answer 2

I have solved the issue of HtmlService provider actually 5.2 version removed Illuminate and add collective follow the step to solve the issue:

1. composer require laravelcollective/html
2. composer update
3. add in config/app.php

'providers' => ['Collective\Html\HtmlServiceProvider'], 'aliases' => [ 'Form' => 'Collective\Html\FormFacade', 'Html' => 'Collective\Html\HtmlFacade', ],

Then you are able to use that form.

Answer 3

If you have a login page and you want to clear out the session using:

Session::flush();

Don't forget that this also cleans out the csrf token before it can be put in the view

Answer 4

This is a config issue .You need to set the app key in your config file ...config/app.php to a 32 character string or use artisan cli php artisan key:generate to genearte the key for you to be able to use the CSRF token .

Also make sure that you include routes that use the CSRF token in the web group route .

You may exclude URIs by defining their routes outside of the web middleware group that is included in the default routes.php file, or by adding the URIs to the $except property of the VerifyCsrfToken middleware: http://laravel.com/docs/5.2/routing#csrf-protection

Answer 5

It should be

{!! Form::open((array('action' => 'MyController@method')))  !!}
    ...
 {!! Form::close() !!}