The most straightforward way to guarantee the uniqueness of a form submission (In the sense of stopping someone mashing submit twice) is to generate a random token and storing it in a session AND a hidden field.

保证表单提交唯一性的最直接方法（在阻止某人两次提交两次的意义上）是生成一个随机令牌并将其存储在会话和隐藏字段中。

If it doesn't match, reject the form, if it does match, accept the form and nuke the session key.

如果不匹配，则拒绝该表单，如果匹配，则接受该表单并取消会话密钥。

OR

或者

Force Laravel to regenerate a new session token after each time a token is verified correctly. (Easy Way Out)

每次正确验证令牌后，强制 Laravel 重新生成新的会话令牌。（简单的办法）

To achieve this, create a new function tokensMatch()in app/Http/Middleware/VerfiyCsrfToken.php(which will overwrite the inherited one). Something like this:

要实现这一点，请tokensMatch()在app/Http/Middleware/VerfiyCsrfToken.php（将覆盖继承的）中创建一个新函数。像这样的东西：

protected function tokensMatch($request)
{
    $token = $request->input('_token') ?: $request->header('X-CSRF-TOKEN');

    if (!$token && $header = $request->header('X-XSRF-TOKEN')) {
        $token = $this->encrypter->decrypt($header);
    }

    $tokensMatch = hash_equals($request->session()->token(), $token);

    if($tokensMatch) $request->session()->regenerateToken();

    return $tokensMatch;
}

In case you validate the form and the validation fails, the old data will be passed back to the form. So you need to make sure not to pass back the old token by adding _tokento the $dontFlasharray in app/Exceptions/Handler.php

如果您验证表单并且验证失败，旧数据将被传递回表单。所以你需要确保不要通过添加_token到$dontFlash数组中来传回旧令牌app/Exceptions/Handler.php

protected $dontFlash = ['password', 'password_confirmation', '_token'];

protected $dontFlash = ['password', 'password_confirmation', '_token'];