My register page is showing the form properly with CsrfToken ({{ csrf_field() }}
) present in the form).
Form HTML
<form class="form-horizontal registration-form" novalidate method="POST" action="{{ route('register') }}">
{{ csrf_field() }}
....
</form>
I am using inbuilt authentication for the users. Have not changed anything except the routes and redirects.
When I submit the form (just after reloading also), it gives that The page has expired due to inactivity. Please refresh and try again. error.
My be I am missing a very small thing. But not sure what it is. Any help?
Update
Found the issue. The session driver was set to array. Changed it to file and the error is gone now. But what is wrong if I use array?
This question is related to
php
laravel
csrf
laravel-5.5
If you're coming to this answer directly from a search, make sure you have already added the csrf token to your form with {{ csrf_field() }}
like the OP.
If you have your session driver set to file:
May have something to do with the storage_path not being writable. This is where it stores session data regarding tokens if you're using file based sessions. The can be verified with is_writable(config('session.files'))
For the OP, the session driver was set to array. Array is for testing only. Since data is not persisted, it will not be able to compare the token on the next request.
The array driver is used during testing and prevents the data stored in the session from being persisted.
https://laravel.com/docs/5.5/session#configuration
Check config/session.php
Lastly, an issue I just had, we had a project which has the session domain and secure settings in config/session.php but the development site was not using HTTPS (SSL/TLS). This caused this generic error since sessions.secure was set to true by default.
Many time its happening because you are testing project in back date
I encountered the same issue on Linux-mint but then realized that the htdocs folder had no full permissions. So I changed the permissions of all the subdirectories in the htdocs folder by doing: sudo chown -c -R $USER:$USER /opt/lampp/htdocs/*
I had the same problem but the problem is not in the framework but in the browser. I don't know why but google chrome blocks cookies automatically, in my case. After allowed cookies the problem was resolved.
This caused because of Illuminate\Session\TokenMismatchException
look at this code sample how to handle it properly:
I ran into the same issue in Laravel 5.5. In my case, it happened after changing a route from GET to POST. The issue was because I forgot to pass a CSRF token when I switched to POST.
You can either post a CSRF token in your form by calling:
{{ csrf_field() }}
Or exclude your route in app/Http/Middleware/VerifyCsrfToken.php
protected $except = [
'your/route'
];
Short answer
Add the route entry for register
in app/Http/Middleware/VerifyCsrfToken.php
protected $except = [
'/routeTo/register'
];
and clear the cache and the cache route with the commands:
php artisan cache:clear && php artisan route:clear
Details
Every time you access a Laravel site, a token is generated, even if the session has not been started. Then, in each request, this token (stored in the cookies) will be validated against its expiration time, set in the SESSION_LIFETIME
field on config/session.php
file.
If you keep the site open for more than the expiration time and try to make a request, this token will be evaluated and the expiration error will return. So, to skip this validation on forms that are outside the functions of authenticated users (such as register or login) you can add the except route in app/Http/Middleware/VerifyCsrfToken.php
.
My case was solved with SESSION_DOMAIN
, in my local machine had to be set to xxx.localhost
. It was causing conflicts with the production SESSION_DOMAIN
, xxx.com
that was set directly in the session.php config file.
Be sure to have the correct system time on your web server. In my case, the vagrant machine was in the future (Jan 26 14:08:26 UTC 2226) so of course the time in my browser's session cookie had expired some 200+ years ago.
Try all of them.
composer dump-autoload
php artisan optimize
php artisan cache:clear
php artisan config:clear
php artisan route:clear
php artisan view:clear
In my case, the site was fine in server but not in local. Then I remember I was working on secure website.
So in file config.session.php, set the variable secure to false
'secure' => env('SESSION_SECURE_COOKIE', false),
set mbstring.func_overload = 2
it helped me
I change permission to storage and error was gone. It seemed lack of permission was the issue.
sudo chmod -R 775 storage/
Some information is stored in the cookie which is related to previous versions of laravel in development. So it's conflicting with csrf generated tokens which are generated by another's versions. Just Clear the cookie and give a try.
I have figured out two solution to avoid these error 1)by adding protected $except = ['/yourroute'] possible disable csrf token inspection from defined root. 2)just comment \App\Http\Middleware\VerifyCsrfToken::class line in protected middleware group in kernel
add @csrf
in the form
and also go to VerifyCsrfToken.php
app->Http->Middleware->VerifyCsrfToken.php
protected $except = [
'paste your route here'
];
Solution:
use incognito new tab then test it again.
reason:
in my case another user logged in with my admin panel
Sign in to connect to the server.
Search Error
An error has occurred: search false You don't have the peais.
Search request is longer.
I had the app with multiple subdomains and session cookie was the problem between those. Clearing the cookies resolved my problem.
Also, try setting the SESSION_DOMAIN
in .env file. Use the exact subdomain you are browsing.
For those who still has problem and nothing helped. Pay attention on php.ini mbstring.func_overload parameter. It has to be set to 0. And mbstring.internal_encoding set to UTF-8. In my case that was a problem.
Source: Stackoverflow.com