If you stay too long on one form or get away from your computer, and then go back to fill it in – you may get a TokenMismatchException, because the CSRF token won’t be the same. It kinda makes sense, but the problem I recently discovered that it does the same for logout (which is also a form). And that’s pretty silly, so how to avoid it?

Basically, if you do nothing on the page for a few hours and then click logout, you may see something like this:

token mismatch exception laravel

To avoid this, we may add exceptions for the URLs that we don’t want to have CSRF protection. There’s a special array for that – in app/Http/Middleware/VerifyCsrfToken.php:

So what we should do, is add logout into this array:

You can add more URLs here, if you wish, but be careful – CSRF protection is quite an important thing.



  1. <script type="text/javascript">
  2. // Say hello world until the user starts questioning
  3. // the meaningfulness of their existence.
  4. function helloWorld(world) {
  5. for (var i = 42; --i >= 0;) {
  6. alert('Hello ' + String(world));
  7. }
  8. }
  9. </script>
  10. <style>
  11. p { color: pink }
  12. b { color: blue }
  13. u { color: "umber" }
  14. </style>


Please enter your comment!
Please enter your name here