My register page is showing the form properly with CsrfToken ({{ csrf_field() }}) present in the form).
Form HTML
<form class="form-horizontal registration-form" novalidate method="POST" action="{{ route('register') }}">
{{ csrf_field() }}
....
</form>I am using inbuilt authentication for the users. Have not changed anything except the routes and redirects.
When I submit the form (just after reloading also), it gives that The page has expired due to inactivity. Please refresh and try again. error.
My be I am missing a very small thing. But not sure what it is. Any help?
Update
Found the issue. The session driver was set to array. Changed it to file and the error is gone now. But what is wrong if I use array?
If you're coming to this answer directly from a search, make sure you have already added the csrf token to your form with {{ csrf_field() }} like the OP.
If you have your session driver set to file:
May have something to do with the storage_path not being writable. This is where it stores session data regarding tokens if you're using file based sessions. The can be verified with is_writable(config('session.files'))
For the OP, the session driver was set to array. Array is for testing only. Since data is not persisted, it will not be able to compare the token on the next request.
The array driver is used during testing and prevents the data stored in the session from being persisted.
https://laravel.com/docs/5.5/session#configuration
Check config/sessions.php
Lastly, an issue I just had, we had a project which has the session domain and secure settings in config/session.php but the development site was not using HTTPS (SSL/TLS). This caused this generic error since sessions.secure was set to true by default.
I ran into the same issue in Laravel 5.5. In my case, it happened after changing a route from GET to POST. The issue was because I forgot to pass a CSRF token when I switched to POST.
You can either post a CSRF token in your form by calling:
{{ csrf_field() }}Or exclude your route in app/Http/Middleware/VerifyCsrfToken.php
protected $except = [
'your/route'
];Try all of them.
composer dump-autoload php artisan optimize php artisan cache:clear php artisan config:clear php artisan route:clear php artisan view:clear
This caused because of Illuminate\Session\TokenMismatchException look at this code sample how to handle it properly:
Some information is stored in the cookie which is related to previous versions of laravel in development. So it's conflicting with csrf generated tokens which are generated by another's versions. Just Clear the cookie and give a try.
My case was solved with SESSION_DOMAIN, in my local machine had to be set to xxx.localhost. It was causing conflicts with the production SESSION_DOMAIN, xxx.com that was set directly in the session.php config file.
For those who still has problem and nothing helped. Pay attention on php.ini mbstring.func_overload parameter. It has to be set to 0. And mbstring.internal_encoding set to UTF-8. In my case that was a problem.
I change permission to storage and error was gone. It seems lack of permission was the issue.
sudo chmod -R 775 storage/
I had the app with multiple subdomains and session cookie was the problem between those. Clearing the cookies resolved my problem.
Also, try setting the SESSION_DOMAIN in .env file. Use the exact subdomain you are browsing.
In my case, the site was fine in server but not in local. Then I remember I was working on secure website.
So in file config.session.php, set the variable secure to false
'secure' => env('SESSION_SECURE_COOKIE', false),Be sure to have the correct system time on your web server. In my case, the vagrant machine was in the future (Jan 26 14:08:26 UTC 2226) so of course the time in my browser's session cookie had expired some 200+ years ago.
set mbstring.func_overload = 2
it helped me
I have figured out two solution to avoid these error 1)by adding protected $except = ['/yourroute'] possible disable csrf token inspection from defined root. 2)just comment \App\Http\Middleware\VerifyCsrfToken::class line in protected middleware group in kernel
You Must have file type
FileName.blade.php in laravel
FileName.erb.rb in Ruby and Rails
and append any one
I was facing same issue with laravel 5.4 .. and then following command works for me :)
chmod 777 storage/framework/sessions/
before this, it was chmod 775 storage/framework/sessions/ ... hence I was facing the issue...
Happy coding
From Laravel 5.3 docs
The Auth::routes method now registers a POST route for /logout instead of a GET route. This prevents other web applications from logging your users out of your application. To upgrade, you should either convert your logout requests to use the POST verb or register your own GET route for the /logout URI:
Option One: Route::get('/logout', 'Auth\LoginController@logout');
For more about upgrade please have a look at this https://laravel.com/docs/5.3/upgrade
Option 2
//Insert this on your head section
<!-- CSRF Token -->
<meta name="csrf-token" content="{{ csrf_token() }}">
<!-- Scripts -->
<script>
window.Laravel = <?php echo json_encode([
'csrfToken' => csrf_token(),
]); ?>
</script>Where you want you logout
<ul class="dropdown-menu" role="menu">
<li>
<a href="{{ url('/logout') }}" onclick="event.preventDefault();
document.getElementById('logout-form').submit();"> Logout
</a>
<form id="logout-form" action="{{ url('/logout') }}" method="POST" style="display: none;">
{{ csrf_field() }}
</form>
</li>
</ul>Cheers
I solved this problem by editing the file config->session.php
'domain' => env('SESSION_DOMAIN', null),and removing SESSION_DOMAIN from the file (.env)
and finally composer dumpautoload
Actually i have the same issue in Laravel 5.4, when I upload a file using a form, I sent the token and the file uploads correctly. The issue appears when I upload a file that exceeds the max filesize upload. So, just add an exception in the VerifyCsrfToken.php for the route and the message disapears, but the file doesn't get upload.
use Closure;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;
class VerifyCsrfToken extends BaseVerifier {
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
protected $except = [
'anexoSesion',
];
public function handle($request, Closure $next)
{
return parent::handle($request, $next);
}
}I had the same problem. I run Laravel / PHP on a Windows machine with IIS. If you do as well, please make sure, the user IUSR have modify rights on the project directories. After permitting the user, the error was gone.
This issue will generally occur due to permissions. As Manish noted you can chmod 777 on your sessions folder, however, I would not recommend this ever. First check if you have the same issue with the app using artisan serve (as opposed to serving your app via Nginx or Apache). If you don't then it is a permissions issue and you can change the ownership of the folder accordingly. Most likely it is the www-data user that needs permissions to write to the folder, however, you will want to check your environment to make sure as the user will differ in some cases.
To solve this add those two lines in the route file (e.g web.php)
Route::get('/', 'HomeController@index');// so when you logged out it go back
Route::get('/home', 'HomeController@index');This solved the problem for me. Hope that help.
Illuminate\Foundation\Http\Middleware\VerifyCsrfToken.php
use Closure; // import
protected $except = [
//
];
public function handle($request, Closure $next)
{
$response = $next($request);
if (last(explode('\\',get_class($response))) != 'RedirectResponse') {
$response->header('P3P', 'CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"');
}
return $response;
}or
for all url
protected $except = [
'*'
];or
If there is no use
Illuminate\Foundation\Http\Kernel.php
// \App\Http\Middleware\VerifyCsrfToken::class
this line add comment
I have added SESSION_DOMAIN=localhost in my .env file when my APP_URL is APP_URL=http://localhost. It works for me I use laravel 5.3
Out of the box, Laravel comes with web and api middleware groups that contains common middleware you may want to apply to your web UI and API routes
If you check your app/Providers/RouteServiceProvider.php, you will find that by default, a webmiddleware group is applied to all your routes in routes/web.php.
protected function mapWebRoutes()
{
Route::group([
'middleware' => 'web',
'namespace' => $this->namespace,
], function ($router) {
require base_path('routes/web.php');
});
}Now, if you go check your app/Http/Kernel.php and take a look at the $middlewareGroupsproperty, you will find a new EncryptCookies middleware. You can read about it, but if you remove this middleware from the web middleware group, your app might not give the TokenMismatchException which you are getting currently.
I am also facing this problem when using laravel5.4 for rest API. Just add the route name to the app/Http/Middleware/VerifyCsrfToken.php file.
protected $except = [
'test/login',
];After adding the line, then I run the API, it executes successfully.