[4.2] CSRF Token is regenerated on high request frequency #6777

@esbenp

Description

When a high number of requests (8+) is made to my app at a high frequency (within 5-8 seconds), my CSRF token is regenerated at some point. I cannot seem to find the cause in the code, nor is it discussed anywhere in the documentation. I did, however, find a similar, unanswered question on SO from September: http://stackoverflow.com/questions/25725940/laravel-4-2-generates-new-csrf-token-depending-of-requests-frequecy

I have successfully replicated the issue in this repository: https://github.com/esbenp/Laravel-Session-Bug. Beware, the bug occurs very randomly, meaning on some tries it has successfully executed 50 requests with the same token, whilst on others the token has changed at some point, sometimes even multiple times.

Below is an excerpt from the demo log showing the X-CSRF-Header, the Session::getToken() value and the session ID for 50 requests made within a short period of time (2 seconds).

[2014-12-22 22:19:07] local.INFO: array (
  'Header token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Laravel token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Session ID' => '1be2059c738423eecf458c7fc5881e34cee2f21b',
) [] []
[2014-12-22 22:19:07] local.INFO: array (
  'Header token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Laravel token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Session ID' => '1be2059c738423eecf458c7fc5881e34cee2f21b',
) [] []
[2014-12-22 22:19:07] local.INFO: array (
  'Header token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Laravel token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Session ID' => '1be2059c738423eecf458c7fc5881e34cee2f21b',
) [] []
[2014-12-22 22:19:08] local.INFO: array (
  'Header token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Laravel token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Session ID' => '1be2059c738423eecf458c7fc5881e34cee2f21b',
) [] []
[2014-12-22 22:19:08] local.INFO: array (
  'Header token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Laravel token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Session ID' => '1be2059c738423eecf458c7fc5881e34cee2f21b',
) [] []
[2014-12-22 22:19:08] local.INFO: array (
  'Header token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Laravel token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Session ID' => '1be2059c738423eecf458c7fc5881e34cee2f21b',
) [] []
[2014-12-22 22:19:08] local.INFO: array (
  'Header token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Laravel token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Session ID' => '1be2059c738423eecf458c7fc5881e34cee2f21b',
) [] []
[2014-12-22 22:19:08] local.INFO: array (
  'Header token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Laravel token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Session ID' => '1be2059c738423eecf458c7fc5881e34cee2f21b',
) [] []
[2014-12-22 22:19:08] local.INFO: array (
  'Header token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Laravel token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Session ID' => '1be2059c738423eecf458c7fc5881e34cee2f21b',
) [] []
[2014-12-22 22:19:08] local.INFO: array (
  'Header token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Laravel token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Session ID' => '1be2059c738423eecf458c7fc5881e34cee2f21b',
) [] []
[2014-12-22 22:19:08] local.INFO: array (
  'Header token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Laravel token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Session ID' => '1be2059c738423eecf458c7fc5881e34cee2f21b',
) [] []
[2014-12-22 22:19:08] local.INFO: array (
  'Header token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Laravel token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Session ID' => '1be2059c738423eecf458c7fc5881e34cee2f21b',
) [] []
[2014-12-22 22:19:08] local.INFO: array (
  'Header token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Laravel token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Session ID' => '1be2059c738423eecf458c7fc5881e34cee2f21b',
) [] []
[2014-12-22 22:19:08] local.INFO: array (
  'Header token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Laravel token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Session ID' => '1be2059c738423eecf458c7fc5881e34cee2f21b',
) [] []
[2014-12-22 22:19:08] local.INFO: array (
  'Header token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Laravel token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Session ID' => '1be2059c738423eecf458c7fc5881e34cee2f21b',
) [] []
[2014-12-22 22:19:08] local.INFO: array (
  'Header token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Laravel token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Session ID' => '1be2059c738423eecf458c7fc5881e34cee2f21b',
) [] []
[2014-12-22 22:19:08] local.INFO: array (
  'Header token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Laravel token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Session ID' => '1be2059c738423eecf458c7fc5881e34cee2f21b',
) [] []

[ ... 20 similar results ... ]

[2014-12-22 22:19:08] local.INFO: array (
  'Header token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Laravel token' => 'Lmj4DlV92FRCIjEyrOEepJvFhPbhvVRlsnHnZAmA',
  'Session ID' => '1be2059c738423eecf458c7fc5881e34cee2f21b',
) [] []
[2014-12-22 22:19:08] local.INFO: array (
  'Header token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Laravel token' => 'Lmj4DlV92FRCIjEyrOEepJvFhPbhvVRlsnHnZAmA',
  'Session ID' => '1be2059c738423eecf458c7fc5881e34cee2f21b',
) [] []

[ ... 2 similar results ... ]

[2014-12-22 22:19:08] local.INFO: array (
  'Header token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Laravel token' => 'GTaUr8rHPdmxqOU4pzifswQYAUyADb8NlsvSNCvz',
  'Session ID' => '1be2059c738423eecf458c7fc5881e34cee2f21b',
) [] []
[2014-12-22 22:19:09] local.INFO: array (
  'Header token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Laravel token' => 'GTaUr8rHPdmxqOU4pzifswQYAUyADb8NlsvSNCvz',
  'Session ID' => '1be2059c738423eecf458c7fc5881e34cee2f21b',
) [] []
[2014-12-22 22:19:09] local.INFO: array (
  'Header token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Laravel token' => 'GTaUr8rHPdmxqOU4pzifswQYAUyADb8NlsvSNCvz',
  'Session ID' => '1be2059c738423eecf458c7fc5881e34cee2f21b',
) [] []
[2014-12-22 22:19:09] local.INFO: array (
  'Header token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Laravel token' => 'GTaUr8rHPdmxqOU4pzifswQYAUyADb8NlsvSNCvz',
  'Session ID' => '1be2059c738423eecf458c7fc5881e34cee2f21b',
) [] []
[2014-12-22 22:19:09] local.INFO: array (
  'Header token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Laravel token' => 'GTaUr8rHPdmxqOU4pzifswQYAUyADb8NlsvSNCvz',
  'Session ID' => '1be2059c738423eecf458c7fc5881e34cee2f21b',
) [] []
[2014-12-22 22:19:09] local.INFO: array (
  'Header token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Laravel token' => 'GTaUr8rHPdmxqOU4pzifswQYAUyADb8NlsvSNCvz',
  'Session ID' => '1be2059c738423eecf458c7fc5881e34cee2f21b',
) [] []
[2014-12-22 22:19:09] local.INFO: array (
  'Header token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Laravel token' => 'GTaUr8rHPdmxqOU4pzifswQYAUyADb8NlsvSNCvz',
  'Session ID' => '1be2059c738423eecf458c7fc5881e34cee2f21b',
) [] []
[2014-12-22 22:19:09] local.INFO: array (
  'Header token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Laravel token' => 'GTaUr8rHPdmxqOU4pzifswQYAUyADb8NlsvSNCvz',
  'Session ID' => '1be2059c738423eecf458c7fc5881e34cee2f21b',
) [] []
[2014-12-22 22:19:09] local.INFO: array (
  'Header token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Laravel token' => 'GTaUr8rHPdmxqOU4pzifswQYAUyADb8NlsvSNCvz',
  'Session ID' => '1be2059c738423eecf458c7fc5881e34cee2f21b',
) [] []
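The log above has a distinctive signature: the `Session ID` never changes, the client keeps sending the same `Header token`, yet the `Laravel token` value switches twice within two seconds. Since the client is still holding the old token, its next CSRF-checked request would be rejected, so this is the point a triager wants to locate in a much longer log. The script below is an added example, not code from the issue or from the Laravel project: it parses the multi-line `local.INFO: array ( ... ) [] []` entry format shown in the excerpt, groups entries by session ID, and reports every request at which the server-side token diverged from the previous request's token for the same session, plus the observed request rate. `SAMPLE_LOG` is a constructed, condensed version of the excerpt; the field names (`Header token`, `Laravel token`, `Session ID`) are the ones the reporter's demo logs.

```python
"""Locate CSRF-token regenerations within one session in a Laravel-style log.

Added example (not from the issue or Laravel). Assumes the exact entry layout
seen in the excerpt: a '[timestamp] channel.LEVEL: array (' header line,
one "  'key' => 'value'," line per field, and a ') [] []' trailer.
"""
import re
from datetime import datetime

# Constructed sample: a condensed version of the log in the issue.
SAMPLE_LOG = """\
[2014-12-22 22:19:07] local.INFO: array (
  'Header token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Laravel token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Session ID' => '1be2059c738423eecf458c7fc5881e34cee2f21b',
) [] []
[2014-12-22 22:19:08] local.INFO: array (
  'Header token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Laravel token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Session ID' => '1be2059c738423eecf458c7fc5881e34cee2f21b',
) [] []
[2014-12-22 22:19:08] local.INFO: array (
  'Header token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Laravel token' => 'Lmj4DlV92FRCIjEyrOEepJvFhPbhvVRlsnHnZAmA',
  'Session ID' => '1be2059c738423eecf458c7fc5881e34cee2f21b',
) [] []
[2014-12-22 22:19:09] local.INFO: array (
  'Header token' => 'aNPX2sglxxpxIygU5vwFSqSz3BLlWQGJ3tPszIKP',
  'Laravel token' => 'GTaUr8rHPdmxqOU4pzifswQYAUyADb8NlsvSNCvz',
  'Session ID' => '1be2059c738423eecf458c7fc5881e34cee2f21b',
) [] []
"""

# One whole entry: header line, one or more indented field lines, trailer.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] "
    r"(?P<chan>\w+)\.(?P<level>\w+): array \(\n"
    r"(?P<body>(?:  '[^']*' => '[^']*',\n)+)"
    r"\) \[\] \[\]$",
    re.MULTILINE,
)
# A single "  'key' => 'value'," line inside an entry body.
FIELD_RE = re.compile(r"^  '(?P<key>[^']*)' => '(?P<val>[^']*)',$", re.MULTILINE)


def parse_entries(text):
    """Return a list of dicts (ts, header_token, laravel_token, session_id)."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        fields = {f.group("key"): f.group("val") for f in FIELD_RE.finditer(m.group("body"))}
        entries.append({
            "ts": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
            "header_token": fields.get("Header token"),
            "laravel_token": fields.get("Laravel token"),
            "session_id": fields.get("Session ID"),
        })
    return entries


def find_token_changes(entries):
    """One record per request whose server-side token differs from the token
    logged for the previous request of the same session ID. 'header_still_old'
    records whether the client was still presenting the superseded token."""
    last_by_session = {}
    changes = []
    for index, entry in enumerate(entries):
        sid = entry["session_id"]
        prev = last_by_session.get(sid)
        if prev is not None and prev["laravel_token"] != entry["laravel_token"]:
            changes.append({
                "request_index": index,
                "ts": entry["ts"],
                "session_id": sid,
                "old_token": prev["laravel_token"],
                "new_token": entry["laravel_token"],
                "header_still_old": entry["header_token"] == prev["laravel_token"],
            })
        last_by_session[sid] = entry
    return changes


def request_rate(entries):
    """Requests per second over the log's time span (span floored at 1 s,
    since the log only has second resolution)."""
    if not entries:
        return 0.0
    span = (entries[-1]["ts"] - entries[0]["ts"]).total_seconds()
    return len(entries) / max(span, 1.0)


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print(f"{len(parsed)} requests at ~{request_rate(parsed):.1f} req/s")
    for change in find_token_changes(parsed):
        print(f"request #{change['request_index']} at {change['ts']}: token "
              f"{change['old_token'][:8]}... -> {change['new_token'][:8]}... "
              f"(client still sending old token: {change['header_still_old']})")
```

Run it against a full `storage/logs` file from the reporter's demo instead of `SAMPLE_LOG` to get the exact request index and second at which each regeneration happened; a change where `header_still_old` is true while the session ID is unchanged is the symptom described in the issue, as opposed to a deliberate token rotation after login or logout.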
