Keep livewire form session alive (419)

keep-csrf-alive.blade.php

<script data-turbolinks-eval=false>
    function updateToken() {
        fetch('/update-csrf')
        .then(response => response.text())
        .then(csrf => {
            document.head.querySelector('meta[name="csrf-token"]').setAttribute('content', csrf)
        })
    }
    setInterval(updateToken, 1000 * 60 * 5)
</script>

web.php

Route::get('update-csrf', fn () => response(csrf_token()))->middleware('auth');

redirect if logged out

Or if you do not want to return the csrf you could just check if the user is authenticated. The session token will be the same as long as the user is logged in. By polling the server the session is kept alive.

This one covers the situation where the window has lost its focus, the user will be redirected when they get back to the window.

Route::get('check-auth', fn () => response(auth()->check() ? 'true' : 'false'))->middleware('auth');

<script>
    document.addEventListener('turbolinks:load', () => {
        function checkAuth() {
            if (document.hasFocus()) { //do not spend money on dead requests
                fetch('/check-auth')
                .then(response => response.text())
                .then(auth => {
                    if(auth != "true") {
                        window.location.href="{{ route('login') }}";
                    }
                })
            }
        }
        setInterval(checkAuth, 1000 * 60 * 55) //every 55 minutes, my session is 120 minutes
        window.addEventListener('focus', () => {checkAuth()});
    }, {once: true}) //prevent turbolinks from running the script multiple times
</script>

Here is an improved version, without csrf route
https://gist.github.com/tanthammar/02c615e73022c44dda6533ed9416ac29