Filament · 7mo ago
jgreco

Fileupload on registration page - 419 error

For full context, we have a Filament app with 2 panels - Admin & Member. When a member registers, an Admin receives a notification and they must review the member user details to approve access. Middleware blocks the member user from accessing the panel until they're approved. In order for a member to register they must provide an ID card upload. We've discovered that when the fileupload field is set, and Sign Up is clicked, then the session expires. Console shows a call to /livewire/update returns 419. We are trying to understand how the fileupload field causes the page to expire. Thank you!
3 Replies
jgreco (OP) · 7mo ago
UPDATE: session()->regenerate(); is what causes this to happen. Overrode the register() method and removed this line. It's a bit glitchy but it works without the 419 error. I assume the session becomes invalid before the fileupload can finish saving. Is there any negative implication to not regenerating the session during registration?
TMS · 3mo ago
I'm also encountering this error when using the FileUpload field. Your solution works but introduces a huge vulnerability into your web app - I'm talking about session fixation here. @jgreco If only there was a way to wait for the FileUpload field to save (completing the upload) first before regenerating the session.
hyperion-mx · 3mo ago
Why not take a different approach?
1- User registers as normal
2- Registration success redirects to the next step to upload the ID
2.5- User status is updated to pending ID upload (in case they leave before they upload)
3- Finish the upload and show "thank you, we will review", etc.
3.5- Status is updated to pending review
From now on the middleware redirects them to the Pending Review page until approved; then they access as normal.
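
The status gate from the flow above, sketched as a Laravel middleware (an added example, not code from the thread or from Filament). With the ID upload moved to its own page, the registration form no longer contains a FileUpload field, so the `session()->regenerate()` call in `register()` does not have to be removed. The status values, the `users.status` string column and the route names are assumptions.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

// Added example: status names, the users.status column and the route names
// are assumptions, not taken from the thread or from Filament.
class EnsureMemberOnboarded
{
    public const PENDING_ID_UPLOAD = 'pending_id_upload'; // set at step 2.5
    public const PENDING_REVIEW    = 'pending_review';    // set at step 3.5
    public const APPROVED          = 'approved';          // set by an Admin

    // The only route a member may reach while in each non-approved state.
    private const ALLOWED_ROUTE = [
        self::PENDING_ID_UPLOAD => 'member.id-upload',
        self::PENDING_REVIEW    => 'member.pending-review',
    ];

    public function handle(Request $request, Closure $next): Response
    {
        $user = $request->user();

        // Assumed to run after the auth middleware; no user means mis-wiring.
        if ($user === null) {
            abort(401);
        }

        if ($user->status === self::APPROVED) {
            return $next($request);
        }

        // Unknown or empty status: fail closed instead of letting it through.
        $route = self::ALLOWED_ROUTE[(string) $user->status] ?? null;
        if ($route === null) {
            abort(403);
        }

        // Already on the page for the current step: serve it.
        if ($request->routeIs($route)) {
            return $next($request);
        }

        return redirect()->route($route);
    }
}
```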