Ask Question Sign In Sign Up

Why do _token and xsrf-token differ in laravel?

Member

by hal.littel , in category: PHP Frameworks , 6 months ago

Why do _token and xsrf-token differ in laravel?

Facebook Twitter LinkedIn Telegram Whatsapp

1 answer

Member

by arnoldo.moen , 3 months ago

@hal.littel 

In Laravel, _token is a CSRF token field that is automatically generated for each form by the FormRequest middleware. This token helps prevent Cross-Site Request Forgery (CSRF) attacks by ensuring that the request is legitimate and coming from the correct user.


On the other hand, xsrf-token is used by Laravel's built-in Ajax request handling. This token is generated and stored in a cookie by the VerifyCsrfToken middleware and is sent with each Ajax request to prevent CSRF attacks on Ajax requests.


The reason why _token and xsrf-token differ in Laravel is because they serve different purposes and are used in different contexts within the framework. _token is used for regular form submissions, while xsrf-token is used for Ajax requests. Both tokens help protect the application from CSRF attacks, but they are implemented in slightly different ways due to the different nature of form submissions and Ajax requests.

Related Threads:

How to verify a token with laravel passport?
How to generate jwt refresh token in laravel?
How to get the user id from laravel passport token?
How to generate and validate token manually in laravel?
How to get access token from oauth_access_tokens in laravel?
How to create jwt token in symfony 5?