I have created a login page where users log in with their credentials, i.e. patientId and contactNumber, but after logging in, the login credentials are displayed in the URL along with the CSRF token. I am also using APIs for login and other things. This is the URL I am getting: http://127.0.0.1:8000/login1?_token=BugYniw96HnJ6C8gjjcpzSruW0CwDdq8JW7kD7Oz&patientId=33488&contactNumber=08732837489
This is my login blade file:
{{-- Login form. With method="GET" the browser serialises every named field
     (_token, patientId, contactNumber) into the query string of the action URL,
     so the credentials appear in the address bar, in browser history and in
     any log that records request URLs. --}}
<form method="GET" action="{{route('login1')}}" name="myForm" >
{{-- Hidden CSRF token. Laravel's CSRF middleware skips verification for GET
     requests, so on this form the token is exposed in the URL but never checked. --}}
<input type="hidden" name="_token" value="{{ csrf_token()}}">
<span >
User Login
</span>
{{-- First credential: the patient's MR number, submitted as "patientId". --}}
<div data-validate="Mr.No is required">
<input name="patientId" id="patientId" placeholder="Enter MR Number" >
<span ></span>
<span >
<i aria-hidden="true"></i>
</span>
</div>
{{-- Second credential: submitted as "contactNumber". It is a plain text input,
     so the value is visible while it is typed. --}}
<div data-validate="Contact Number is required">
<input name="contactNumber" id="contactNumber" placeholder="Enter Contact Number">
<span ></span>
<span >
<i aria-hidden="true"></i>
</span>
</div>
<div >
<button type="submit">
Login
</button>
</div>
<div >
<a href="#">
</a>
</div>
</form>
This is a web route file:
<?php
use Illuminate\Support\Facades\Route;
use App\Http\Controllers\MainController;
use App\Http\Middleware\VerifyCsrfToken;
// Landing page: serves the login form view for GET /.
Route::view('/', 'login1');

// Login action. It is registered for GET, so the submitted patientId and
// contactNumber arrive in the query string, and Laravel's CSRF middleware does
// not verify the token for this verb. Switching to POST has to be done together
// with the form's method attribute, otherwise the submission no longer matches
// this route.
Route::get('/login1', [MainController::class, 'successlogin'])->name('login1');
This is my controller file:
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\Http\Controllers\SessionClass;
use Illuminate\Support\Facades\Http;
use App\Http\Controllers\HostClass;
use Illuminate\Support\Facades\Session;
class MainController extends Controller
{
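/**
 * Handle a login attempt: check the submitted patientId / contactNumber against
 * the backend API and, on success, render the dashboard.
 *
 * Flow:
 *  1. Require both credential fields.
 *  2. POST them to {host}/patientInformation.
 *  3. If the reply is not a usable patient record, redirect back with an
 *     error notification.
 *  4. Otherwise fetch the patient's reports and visits, store the patient
 *     record in the session under 'user' and render the 'dashboard' view.
 *
 * The method reads its input the same way for any HTTP verb. It should be
 * routed as POST: on a GET route the credentials travel in the query string
 * and Laravel's CSRF middleware does not verify the token.
 *
 * NOTE(review): the login decision is delegated entirely to the backend reply;
 * confirm that /patientInformation rejects a wrong contactNumber.
 *
 * @param  Request  $req  Incoming request carrying patientId and contactNumber.
 * @return mixed  The dashboard view on success, a redirect back otherwise.
 */
public function successlogin(Request $req)
{
    // Reject missing or non-scalar credentials before anything is forwarded
    // to the backend; on failure Laravel redirects back with the errors.
    $credentials = $req->validate([
        'patientId'     => ['required', 'string'],
        'contactNumber' => ['required', 'string'],
    ]);

    $host = new HostClass();
    $obj = new SessionClass();
    $obj->sethalfpatientId($credentials['patientId']);

    $response = Http::post($host->getserverIp().'/patientInformation', [
        'patientId'     => $credentials['patientId'],
        'contactNumber' => $credentials['contactNumber'],
        'orgId'         => '332',
        'sessionId'     => '3',
    ]);

    // A non-2xx status is never treated as a successful login, whatever the body says.
    $data = $response->successful() ? $response->json() : null;

    // Only a decoded record carrying the keys used below counts as a login.
    // The original compared with `== null`, let any other JSON through and
    // echoed "error" into the output before redirecting.
    if (!is_array($data) || !isset($data['patientId'], $data['contactNumber'])) {
        $notification = [
            'message' => 'User Does not Exists!',
            'alert-type' => 'error',
        ];

        return back()->with($notification);
    }

    $obj->setpatientId($data['patientId']);
    $obj->setcontactNumber($data['contactNumber']);

    $response2 = Http::post($host->getserverIp().'/searchPatientReports', [
        'patientId'    => $obj->getpatientId(),
        'departmentId' => '128',
    ]);
    $data2 = $response2->json();

    $response3 = Http::post($host->getserverIp().'/patientVisits', [
        'patientId' => $obj->getpatientId(),
    ]);
    $data3 = $response3->json();

    // Issue a fresh session id at the moment of login so that a session id
    // known before authentication cannot be reused afterwards (session fixation).
    Session::regenerate();

    // The whole backend record is kept in the session; what it contains beyond
    // the keys read here is not visible from this method.
    Session::put('user', $data);

    // A record without appointments yields an empty list instead of an
    // undefined-key error.
    $listappointment = $data['listAppointments'] ?? [];

    return view('dashboard', compact('data', 'data2', 'data3', 'listappointment'));
}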
CodePudding user response:
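Use the POST method so the data doesn't show in the URL. With GET the browser appends every form field to the query string, which is why patientId and contactNumber end up in the address bar, in browser history and in server access logs.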
<form method="POST" action="{{route('login1')}}" name="myForm" >
And change the route to accept the POST method:
// POST route for the login form: the fields travel in the request body, not the URL.
// For routes in the web middleware group Laravel verifies the _token field on POST,
// so the form must keep sending it.
Route::post('/login1', [MainController::class, 'successlogin'])->name('login1');