I have a form which includes {{ csrf_field() }}
When I submit the form in Firefox (v57.0.4) it works fine no issues.
When I submit the same form in Chrome (v63.0.3239.132) I keep getting:
The page has expired due to inactivity. Please refresh and try again.
I've tried to clear cookies/browser cache and it makes no difference. The issue is related to Chrome only as everything works fine in other browsers such as Firefox and Edge.
In my env file I have the following set:
SESSION_DRIVER=file
What I have noticed is that when I submit the form in Chrome, a new session file seems to be generated each time inside storage\framework\sessions. In fact, every time I refresh the page or go to another page a new session file is being generated?
Another thing I've noticed is that if I log in to my application in Chrome without selecting the remember me checkbox everything works fine. But if I log in with the remember me checkbox selected, I get the above behavior. So the issue is something to do with how the remember me token is stored perhaps?
Note: I'm running the application on localhost using WAMP on Windows 10. This issue is only happening in Google Chrome.
Anyone got any tips to fix?
Updated to 5.5 (fresh install) and I get the same issue - instead of the token mismatch error message I get "The page has expired due to inactivity. Please refresh and try again." displayed, which I'm assuming is trying to tell me the same thing.
All other behavior is identical, i.e. generating a new session file on each page load/refresh, but everything works fine when logging in without checking the remember me checkbox.
It's only happening in Chrome by the way.
Scoured a dozen forums and no one has yet supplied a clear solution to the issue.
Why does it work though when I sign in without selecting the remember me checkbox? The issue is being caused when I sign in by selecting the remember me checkbox, and only in Chrome?
Check your session.php to see if you have anything like this set to true while you're accessing via HTTP or something.
'secure' => env('SESSION_SECURE_COOKIE', false),
I access the site as: localhost:8000/
This is what I have in session.php:
'driver' => env('SESSION_DRIVER', 'file'),
'lifetime' => env('SESSION_LIFETIME', 120),
'expire_on_close' => false,
'encrypt' => false,
'files' => storage_path('framework/sessions'),
'connection' => null,
'table' => 'sessions',
'store' => null,
'lottery' => [2, 100],
'cookie' => env(
'SESSION_COOKIE',
str_slug(env('APP_NAME', 'laravel'), '_').'_session'
),
'path' => '/',
'domain' => env('SESSION_DOMAIN', null),
'secure' => env('SESSION_SECURE_COOKIE', false),
'http_only' => true,
'same_site' => null,
and this is what I have in env file:
APP_NAME=xyz-xyz
APP_ENV=local
APP_KEY=base64:LhyBmW6dl3E6ZZ+nwClsmVa7ONHfTkl7Sl1vSxY9f44=
APP_DEBUG=true
APP_LOG_LEVEL=debug
APP_URL=http://localhost
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=xyz
DB_USERNAME=root
DB_PASSWORD=
BROADCAST_DRIVER=log
CACHE_DRIVER=file
SESSION_DRIVER=file
SESSION_LIFETIME=120
QUEUE_DRIVER=sync
REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379
MAIL_DRIVER=smtp
MAIL_HOST=smtp.mailtrap.io
MAIL_PORT=2525
MAIL_USERNAME=
MAIL_PASSWORD=
MAIL_ENCRYPTION=null
MAIL_FROM_ADDRESS=
MAIL_FROM_NAME=
PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
PUSHER_APP_CLUSTER=mt1
Check to make sure you do not have another application running with the same APP_NAME value
APP_NAME=xyz-xyz
I had this same problem for over a year when I created subdomains of my company's primary domain. This is the session config for the cookie name, which Chrome is only setting on the primary domain instead of per subdomain:
'cookie' => env( 'SESSION_COOKIE', str_slug(env('APP_NAME', 'laravel'), '_').'_session' ),
By updating the app name, it will alter the cookie name and you should not have this problem anymore.
Verify that your config/session.php file contains this line
'domain' => env('SESSION_DOMAIN', null),
Then remove the SESSION_DOMAIN line in your .env file.
I have the same issue but maybe with different behavior.
I'm using Laravel 5.5.39 on my local Windows 10.
The same app is working fine on production, but showing this message only on the local machines.
I've tried it on both my PC and laptop using Google Chrome, Firefox, and Edge and it is still showing the same message "The page has expired due to inactivity. Please refresh and try again." when I try to log in.
Also, I tried to use Firefox on a virtual machine running Ubuntu to connect to my laptop's IP address to make sure that there is no cookie or browser-related issue.
Still no luck.
I noticed the following:
When I open only the home page, three new files get created in storage/framework/sessions.
When I click on the login link, four new files get created.
If I type in the username and password, one new file gets created.
For my part I get the same problem.
In my case I had
public function index()
{
    Session::flush();
    return view('home');
}
Getting rid of my Session resolved my problem.
php artisan cache:clear
Fixed it for me. It happened suddenly, without changing anything.
I had the same issue. All my Laravel 5.4 applications started throwing this error whenever I submitted a form for some reason, including apps that I had built and forgotten about. I tried everything else on this forum and it didn't work until I came across a solution on Stack Overflow.
I replaced {{ csrf_field() }} in my form fields with <input type="hidden" name="_token" value="{{ csrf_token() }}"> and voila, it works again!! Hope this helps you.
Here is a link to the solution: https://stackoverflow.com/questions/43202606/csrf-form-verification-laravel-error/43216302#43216302
Check if your session.php contains this line.
'domain' => env('SESSION_DOMAIN', null),
If you are working on localhost or production, add SESSION_DOMAIN=YOUR_LOCALHOST_DOMAIN to the .env file, then as usual run php artisan config:cache and it will work.
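The cookie-level causes suggested in the replies above (a 'secure' cookie on an HTTP URL, a 'domain' that does not match the host, and two apps sharing one cookie name) can be checked mechanically. This is an added example, not code from the thread or from Laravel; sessionCookieName() is a simplified stand-in for str_slug, and the function names and sample values are hypothetical.

```php
<?php
// Added example, not code from the thread. Keys mirror config/session.php as quoted above.

// Simplified stand-in for Laravel's str_slug($name, '_') . '_session'.
function sessionCookieName(string $appName): string
{
    $slug = trim(preg_replace('/[^a-z0-9]+/', '_', strtolower($appName)), '_');
    return $slug . '_session';
}

// Reasons a browser following RFC 6265 would not send the session cookie back to $url.
function cookieProblems(array $config, string $url): array
{
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    $host   = strtolower((string) parse_url($url, PHP_URL_HOST));
    $domain = ltrim(strtolower((string) ($config['domain'] ?? '')), '.');
    $problems = [];

    if (!empty($config['secure']) && $scheme !== 'https') {
        $problems[] = "'secure' is true but the URL is not HTTPS";
    }
    if ($domain !== '' && $domain !== $host) {
        // Domain-match: the host must end in ".domain" and must not be an IP address.
        $isIp     = filter_var($host, FILTER_VALIDATE_IP) !== false;
        $isSuffix = substr($host, -strlen('.' . $domain)) === '.' . $domain;
        if ($isIp || !$isSuffix) {
            $problems[] = "'domain' {$domain} does not match host {$host}";
        }
    }
    return $problems;
}

// Cookies are scoped by host, not port: apps on one host with one cookie name overwrite each other.
function cookieCollisions(array $apps): array
{
    $seen = [];
    foreach ($apps as $label => $app) {
        $host = strtolower((string) parse_url($app['url'], PHP_URL_HOST));
        $seen[$host . ' ' . sessionCookieName($app['app_name'])][] = $label;
    }
    return array_filter($seen, function ($labels) { return count($labels) > 1; });
}

// Constructed sample input: a misconfigured cookie on the thread's URL, and two
// hypothetical apps sharing the thread's APP_NAME on different ports.
print_r(cookieProblems(['secure' => true, 'domain' => 'example.test'], 'http://localhost:8000/login'));
print_r(cookieCollisions([
    'app-a' => ['url' => 'http://localhost:8000', 'app_name' => 'xyz-xyz'],
    'app-b' => ['url' => 'http://localhost:8001', 'app_name' => 'xyz-xyz'],
]));
```

When the browser does not return the session cookie, Laravel starts a fresh session on every request, which is why a new file appears in storage/framework/sessions each time and the submitted CSRF token never matches.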
I'm facing the same issue.
When I try to move Auth::routes(); to the top of web routes, it works.
<?php
/** routes/web.php */
Auth::routes();
/** Start to register your web routes from here */
First I ran php artisan cache:clear and then I cleared my browser's cookies since the beginning of time.
My app works, though I am not sure if php artisan cache:clear did something or not.
UPDATE:
The above process works for only one request. I get Token Mismatch Exception again after clearing the cookies. This time what I did was, I removed the EncryptCookies middleware from my routes. By default, Laravel 5.3 applies a 'web' middleware group using the RouteServiceProvider. I went to app/Http/Kernel.php and removed the '\App\Http\Middleware\EncryptCookies::class,' line and it works.