How to avoid TokenMismatchException on logout?

If you stay too long on one form, or step away from your computer and then come back to fill it in, you may get a TokenMismatchException, because the CSRF token won't be the same. It kind of makes sense, but the problem I recently discovered is that the same happens for logout (which is also a form). And that's pretty silly, so how to avoid it?

Basically, if you do nothing on the page for a few hours and then click logout, you may see a TokenMismatchException error page.

To avoid this, we may add exceptions for the URLs that we don't want to have CSRF protection. There's a special array for that in app/Http/Middleware/VerifyCsrfToken.php:
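namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;

class VerifyCsrfToken extends Middleware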
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        //
    ];
}
So what we should do is add logout to this array:
protected $except = [
    '/logout'
];
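You can add more URLs here if you wish, but be careful: CSRF protection is quite an important thing. Every URL listed in $except accepts requests without a valid token, so with /logout exempted, a request coming from another site can log the user out.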
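
To check what a given $except list actually exempts before deploying it, here is an added example (not code from the original article or from Laravel itself): a simplified stand-alone PHP re-implementation of the path matching the middleware applies to $except entries, where `*` acts as a wildcard. The function names and the route list are hypothetical, and only path matching is covered, not full-URL matching.

```php
<?php
// Added example: simplified re-implementation of how $except entries are
// matched against the request path. Assumption: path matching only.

/** Glob match in the style of Laravel's Str::is(): '*' matches any characters. */
function patternMatches(string $pattern, string $path): bool
{
    if ($pattern === $path) {
        return true;
    }
    // Quote the pattern for use in a regex, then turn the escaped '*' into '.*'.
    $regex = str_replace('\*', '.*', preg_quote($pattern, '#'));
    return preg_match('#^' . $regex . '\z#u', $path) === 1;
}

/** Returns the routes that the given $except list exempts from CSRF checks. */
function exemptedRoutes(array $except, array $routes): array
{
    $exempt = [];
    foreach ($routes as $route) {
        // The request path is compared without leading/trailing slashes.
        $path = trim($route, '/') ?: '/';
        foreach ($except as $pattern) {
            if ($pattern !== '/') {
                $pattern = trim($pattern, '/');
            }
            if (patternMatches($pattern, rawurldecode($path))) {
                $exempt[] = $route;
                break;
            }
        }
    }
    return $exempt;
}

// Constructed route list for illustration (hypothetical application).
$routes = ['/logout', '/logout/all-devices', '/login', '/profile/update', '/password/change'];

// The article's entry: check which routes lose CSRF protection.
print_r(exemptedRoutes(['/logout'], $routes));

// A wildcard entry: compare how many more routes it exempts.
print_r(exemptedRoutes(['/logout*'], $routes));
```

Running it against your own route list shows whether an entry exempts only the endpoint you meant or anything else that shares its prefix.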
