Laravel 5.0 TokenMismatchException with ajax login

Question

I am developing a web application with laravel 5.0, php 5.5 on a debian 7 server.

this website allows user to login through a login modal (ajax login). but...

I keep getting this exception

TokenMismatchException in VerifyCsrfToken.php line 47

I know story about csrf_token() must in the form and X-CSRF-TOKEN for ajax post. I have tried every thing but still no solution.

the interesting thing is, that happened only if you visit the site at first time, on homepage or any page directly. When you visit a member area, and laravel will redirect you to homepage with auth errors, after that, you will never get tokenmismatchexception again, the same login modal works as a sun shines.

any suggestion

UPDATE:

here are the codes:

in the Header I have include the csrf_code() already:

<meta name="csrf-token" content="{{ csrf_token() }}">

and in the form (actually is optional, because X-CSRF-TOKEN is already setup)

<input type="hidden" name="_token" value="{{ csrf_token() }}">

route:

Route::post('/login', ['as' => 'auth.login', 'uses' => 'Auth\AuthController@postSignin']);

VerifyCsrfToken.php for debugging.

public function handle($request, Closure $next)
{
    if ($this->isReading($request) || $this->tokensMatch($request)) {
        return $this->addCookieToResponse($request, $next($request));
    }

    throw new TokenMismatchException;
}

public function tokensMatch($request)
{
    $token = $request->input('_token') ?: $request->header('X-CSRF-TOKEN');

    if (!$token && $header = $request->header('X-XSRF-TOKEN')) {
        $token = $this->encrypter->decrypt($header);
    }
    \Clockwork::info($request->session()->token());
    //\Clockwork::info(\Session::token());
    \Clockwork::info($token);
    //return StringUtils::equals($request->session()->token(), $token);
    return StringUtils::equals(\Session::token(), $token);
}

Jquery Ajax setup:

$.ajaxSetup({
    headers: {
        'X-XSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
    }
});

output:

Answer 1

Yes Finally fixed, The reason was because there was two blank lines at the beginning of website. in the content blades I have used

@extends('layouts/main')...@show

for showing layouts. the @show causes that two blank lines, remove @show and the blank lines are gone. for whatever reason, that breaks all cookies on the site and Laravel is unable to create a session.

Answer 2

your all code is going good ..

You can try this ...

$.ajaxSetup({
headers: {
    'X-XSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
}
});

move this code just after calling jquery file ...

actually when page is going load then html dom loading after runing this code . you should do that your this code should run after loaded html dom .

i had this same problem in my website .