php - TokenMismatch ONLY Certain Browsers - Laravel 5 Fresh/Production -
one example browser: ie 11: mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; rv:11.0) gecko
session started @ 22:46:56. fills out form. submits form @ 22:53:18, gets tokenmismatchexception
. 6 minutes later.
session started:
apr 02 22:46:56 production.info: session {"start":1428040016,"id":"8040cc779df0330855f8fa30483af63557aaf9c4","token":"l3nu4ehsev5w1ixy86g18fsgnvs6sacdnjtuz5qv","ip":"74.xx","method":"get","url":"https://sub.domain.com/place-st","ua":"mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; rv:11.0) gecko"} []
user submits form 6 minutes later:
apr 02 22:53:18 production.debug: request session token: 8l3pba9albvbcrvipm5wntl7bp0slsirjcakfwzh [] [] apr 02 22:53:18 production.debug: request input _token: l3nu4ehsev5w1ixy86g18fsgnvs6sacdnjtuz5qv [] [] apr 02 22:53:18 production.debug: request header x-csrf-token: [] [] apr 02 22:53:18 production.debug: request header x-xsrf-token: [] [] apr 02 22:53:18 production.debug: request url: https://sub.domain.com/requests/post [] []
server vars:
apr 02 22:53:18 production.debug: array ( 'user' => 'forge', 'home' => '/home/forge', 'fcgi_role' => 'responder', 'app_env' => 'production', 'query_string' => '', 'request_method' => 'post', 'content_type' => 'application/x-www-form-urlencoded', 'content_length' => '867', 'script_filename' => '/home/forge/doamin.com/public/index.php', 'script_name' => '/index.php', 'request_uri' => '/requests/post', 'document_uri' => '/index.php', 'document_root' => '/home/forge/doamin.com/public', 'server_protocol' => 'http/1.1', 'gateway_interface' => 'cgi/1.1', 'server_software' => 'nginx/1.6.2', 'remote_addr' => '74.xx', 'remote_port' => '56563', 'server_addr' => '104.xx', 'server_port' => '443', 'server_name' => 'doamin.com', 'https' => 'on', 'redirect_status' => '200', 'http_accept' => 'text/html, application/xhtml+xml, */*', 'http_referer' => 'https://sub.domain.com/place-st', 'http_accept_language' => 'en-us', 'http_user_agent' => 'mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; rv:11.0) gecko', 'http_content_type' => 'application/x-www-form-urlencoded', 'http_accept_encoding' => 'gzip, deflate', 'http_host' => 'sub.domain.com', 'http_content_length' => '867', 'http_connection' => 'keep-alive', 'http_cache_control' => 'no-cache', 'php_self' => '/index.php', 'request_time_float' => 1428040398.7879851, 'request_time' => 1428040398, ) [] []
session/cookie
apr 02 22:53:18 production.debug: request path: requests/post [] [] apr 02 22:53:18 production.debug: cookie: array ( ) [] [] apr 02 22:53:18 production.debug: session: array ( '_token' => '8l3pba9albvbcrvipm5wntl7bp0slsirjcakfwzh', ) [] []
http request:
apr 02 22:53:18 production.debug: post /requests/post http/1.1 accept: text/html, application/xhtml+xml, */* accept-encoding: gzip, deflate accept-language: en-us cache-control: no-cache connection: keep-alive content-length: 867 content-type: application/x-www-form-urlencoded host: sub.domain.com referer: https://sub.domain.com/place-st user-agent: mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; rv:11.0) gecko _token=l3nu4ehsev5w1ixy86g18fsgnvs6sacdnjtuz5qv&var=value&var2=value2&etc... [] []
this sounds alot known issue laravel: https://github.com/laravel/framework/issues/8172
the cause not yet known, , has been going on while. there lot of smart people looking - apparent randomness of issue making difficult debug.
i suggest contribute information ticket , keep eye there further information. need information server config , app config possible - can try replicate issue. far exact method replicate not known, making fix difficult.
Comments
Post a Comment