Laravel: Session expires while registration form is open

I have have a web app which is waiting for users on a laptop in kiosk mode. Sometimes, registration fails and users get an error screen - I think it's 419 Session Expired.

So I assume two hours after the login screen loads, the session expires (I kept the default of 120 minutes in config/session.php) and Laravel does not accept any request from that page.

How should I deal with this? I know how to make a page reload every 110 minutes or so using JS, but then I'd have to check the registration form is being filled out at this moment. This does not feel like a clean solution to me.

Is there any alternative, such as a mechanism to make Laravel less strict when a request comes from the register or login pages?



As mentioned, the simplest solution is usually to extend the session expiration time from the default of 2 hours (which is very short).

If longer sessions are not desirable, another option is to keep the session alive for as long as the browser page is open by using javascript.

Add a route in routes/web.php:

Route::post('/keep-alive', function () {
    return response()->json(['ok' => true]);

And then ping this route periodically with javascript:

setInterval(() => {'/keep-alive')
        .then(() => {})
        .catch(() => {})
}, 600000)

(I used axios to make the POST request because it's included with a default Laravel install, but you can use anything to make the request.)

Since the request passes through the web middleware group, the session middleware should be run and keep the session alive. If the browser page is closed, the computer is put to sleep, etc., then the session will still expire normally after the configured time has elapsed.

You can also check for session expiration responses from the javascript call and then refresh the page, prompt for credentials, or perform some other action if you detect that the session expired. This case is most likely to occur if the computer resumes operation from a sleeping state.


You note yourself that you can change the session time in config/session.php. Is there a reason why you don't want to change that?

Alternatively, assuming that this is not an app that is accessible on the World Wide Web and is for Kiosk use only, you can exclude certain routes from requiring the CSRF token altogether;

Edit the **$except** property of the VerifyCsrfToken middleware;

protected $except = [

Information taken from the Laravel Documentation.


I think you might want to take a look at this package:


Hope it helps :)


Recent Questions

Top Questions

Home Tags Terms of Service Privacy Policy DMCA Contact Us Javascript

©2020 All rights reserved.