Elegant handling of 419 expiry

Does anyone have an elegant solution for handling a 419 expiration in Filament? By default in Laravel, the CSRF token and session expire after two hours, which is extended on every interaction. If the user leaves a page with no polling open for two hours (default expiry), or closes their browser, or puts the computer to sleep, when they return to the page they'll end up seeing a full page modal containing a 419 Expiry message, along with a JS popup saying the page has expired. When they click to refresh, even if they're logged in with a "Remember Me" token, they seem to be logged out and directed to the login page.
12 Replies
Tetracyclic (3mo ago)
@awcodes I saw in another topic about this that you've never seen the JS pop-up in Filament, but it even happens in the Filament demo app. Wondering if you have something configured differently that's preventing this.
Tetracyclic (3mo ago)
The pop-up is created by Livewire and there's a request hook to do something else instead (like refresh the page), but I'm wondering if this is the best way in Filament
awcodes (3mo ago)
Even outside of Filament I’ve never seen the 419 in a JS alert. Wonder if it’s tied to echo or websockets? Really don’t know.
Povilas K (3mo ago)
@awcodes I can confirm that I've seen something similar to what @Tetracyclic says - forgot to close the browser for the Filament demo (or any other Filament apps tbh) and then came back to see that "Page expired", followed by that JS confirmation dialog. I don't know the "graceful" solution to this but didn't dig deeper, I just don't see this as a problem, in my opinion it's normal behavior - the page LITERALLY expired for what it was supposed to do two hours ago. That's intended imho.
awcodes (3mo ago)
Yea. I don’t have a problem with it. I just don’t think it’s anything Filament specific.
Povilas K (3mo ago)
Oh yeah, it's outside of Filament definitely. Digging way deeper, it's how browsers/the internet work 🙂
Tetracyclic (3mo ago)
To be clear, I expect it to expire for security reasons (although I'm unsure why it's logging the user out - with a remember me token in place, it should log them back in seamlessly on a refresh), it's just that a full page modal and a clunky JS dialog isn't particularly graceful, especially when using Livewire/Filament for a SaaS or end user application, rather than just an admin panel. I just wasn't sure if there was a better way in Filament to handle this, other than just shoving the Livewire request hook into the page via a Filament render hook and having it refresh the page immediately.
Jean Roumeau (3mo ago)
[Link preview: "JavaScript | Laravel": A full-stack framework for Laravel that takes the pain out of building dynamic UIs.]
Tetracyclic (3mo ago)
Yeah, I already linked that page above 😄 That's my current solution, I'm just forcing location.reload on the request failure via a Filament hook. I was just wondering if there was a better way in Filament. It does seem to work pretty smoothly though, and having tested with a 1 minute session lifetime, reloading doesn't seem to log the user out in the same way accepting the JS dialog did (if they have a remember me token set).
Jean Roumeau (3mo ago)
Livewire does it pretty similar though:
function handlePageExpiry() {
    confirm("This page has expired.\nWould you like to refresh the page?") && window.location.reload();
}
Tetracyclic (3mo ago)
Yeah, I'm thinking perhaps the times I was logged out during testing were when I was impersonating another user. The mismatch in remember token would explain it.
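
The approach described in the thread (a Livewire request hook that reloads the page on a 419 instead of showing the confirm dialog), as an added example that is not code from the thread, Filament or Livewire. It assumes Livewire v3's `Livewire.hook('request', ...)` API; the names `installExpiryReload` and `RELOAD_GUARD_KEY` and the reload-loop guard are assumptions added here, and the script would be emitted into the page from a Filament render hook as the thread describes.

```javascript
// Added example. installExpiryReload, RELOAD_GUARD_KEY and the loop guard are
// hypothetical names/behaviour; only Livewire.hook('request') is Livewire's API (v3).
const RELOAD_GUARD_KEY = 'expiry-reload-at'; // hypothetical sessionStorage key
const MIN_RELOAD_GAP_MS = 10000;             // assumed minimum gap between automatic reloads

function installExpiryReload(livewire, { storage, reload, now = Date.now }) {
  livewire.hook('request', ({ fail }) => {
    fail(({ status, preventDefault }) => {
      // Only the expired CSRF token/session case; every other failure
      // keeps Livewire's default handling.
      if (status !== 419) return;

      // If we reloaded moments ago and still get a 419, stop and let the
      // default dialog appear rather than reloading in a loop.
      const last = Number(storage.getItem(RELOAD_GUARD_KEY) || 0);
      if (now() - last < MIN_RELOAD_GAP_MS) return;

      storage.setItem(RELOAD_GUARD_KEY, String(now()));
      preventDefault(); // suppress the "This page has expired" confirm()
      reload();         // a full reload issues a fresh CSRF token and session
    });
  });
}

// Browser wiring; skipped when the file is loaded outside a browser.
if (typeof document !== 'undefined') {
  document.addEventListener('livewire:init', () => {
    installExpiryReload(window.Livewire, {
      storage: window.sessionStorage,
      reload: () => window.location.reload(),
    });
  });
}
```

The CSRF check itself stays untouched: the expired token is still rejected server-side, and the reload only replaces the dialog with a fresh page load.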