My app is throwing a TokenMismatchException in VerifyCsrfToken.php error on some ajax POST routes. It's extremely intermittent and it's been going on for some time. There's no pattern I could discern.
Today I got two POST requests back-to-back, only one of which threw the error. I compared the request headers and found that:
-
Cookie is the same on both requests, something like:
XSRF-TOKEN=eyJpdiI6IlF...; kbR_session=eyJpdiI6IjQxZDF... -
X-XSRF-TOKEN is also the same:
eyJpdiI6IlF2RFVVYkpm...
I'm using Angular (v1.2.12) which as the Laravel 5.2 documentation states is setting the cookie value automatically.
So if the request headers match, how is it that one request succeeds and the other fails? What am I not looking at?
