laravel / framework

The Laravel Framework.
https://laravel.com
MIT License

[5.3] "TokenMismatchException in VerifyCsrfToken.php" in Laravel's auth form #15040

Closed MountainDev closed 8 years ago

MountainDev commented 8 years ago

I use a fresh installation of Laravel 5.3. I did the following steps in my Homestead:

laravel new blog
php artisan make:auth
entered proper database configuration in .env
php artisan migrate

That's all I did. Everything went smoothly, but when I submit the register form I get: TokenMismatchException in VerifyCsrfToken.php line 67:

I tried to clean cache and cookies, use different browsers and install Laravel again (also via composer). Some people from Laravel's IRC chat also confirmed that bug.

ivan-grozni commented 7 years ago

Actually might have spoken a little too soon. Seems to resurface after browsing a bit.

On Tue, Feb 21, 2017 at 6:53 PM, Cristian Fundanera <notifications@github.com> wrote:

> If you are using AJAX add this command:
>
> $.ajax({ headers : { 'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content') } });
>
> Working in resources controller...
>
> Hope it Helps!


manishnakar commented 7 years ago

I installed laravel auth module with :

php artisan session:table
php artisan make:auth
php artisan migrate

I was facing same issue with laravel 5.4 .. and then following command works for me :)

chmod 777 storage/framework/sessions/

before this it was

chmod 775 storage/framework/sessions/ 

Happy coding

cbcballestas commented 7 years ago

@MountainDev I just type this: php artisan serve --host=localhost... and it works

ivan-grozni commented 7 years ago

Coincidentally, I did the opposite and it worked.

I stopped typing php artisan serve --host=localhost and instead just did php artisan serve and let it serve on 127.0.0.1:8000 and then it started working in Chrome.

On Tue, Feb 28, 2017 at 11:43 AM, Carlos Ballestas <notifications@github.com> wrote:

> @MountainDev https://github.com/MountainDev I just type this: php artisan serve --host=localhost... and it works


cbcballestas commented 7 years ago

@ivan-grozni Thanks bro, it works.

binaryweavers commented 7 years ago

silly but make sure _token input in html must not set to disabled in any way. strange but disabled="false" worked for me 👍

ghost commented 7 years ago

everything is working with php artisan serve but when i added domain it was giving me verifyToken error ... after some tinkering i ran chmod 777 storage/framework/sessions/ and it worked just fine. However a better way to do that according to my settings

sudo chown -R www-data:www-data project-folder/
sudo chmod 775 -R bootstrap project-folder/public
sudo usermod -a -G www-data myusername  # so that you can edit files with sublime and other tools
sudo chmod -R ug+rwx storage project-folder/bootstrap/cache

raiomido commented 7 years ago

Do not edit your Laravel files. It is usually the last thing with the problem. It is most likely a permission issue. If developing on Linux this happens because, www-data is being denied permission to write to storage directory. To fix this, just run

cd /pathtorootdirectory
$ sudo chown -R www-data:www-data storage
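
Added example (not part of any comment in this thread, and not Laravel's own code): a shell check that reports whether the session directory is world-writable, as `chmod 777` leaves it, or writable by the web-server account through ownership or group membership, as the `chown` commands above arrange. The function name `audit_session_dir` and its output strings are hypothetical; `www-data` is the account named in the thread.

```shell
# Added example: audit Laravel's session directory.
# Prints one finding; returns 0 only when the directory is writable by the
# web-server account and not writable by "other" users.
audit_session_dir() {   # audit_session_dir DIR [WEB_USER]
    dir=$1
    web_user=${2:-www-data}   # account named in this thread; adjust per distro
    [ -d "$dir" ] || { echo "missing"; return 3; }

    # o+w set: any local account can create or alter session files.
    if [ -n "$(find "$dir" -prune -perm -0002)" ]; then
        echo "world-writable"; return 1
    fi

    web_uid=$(id -u "$web_user" 2>/dev/null) || { echo "unknown-user"; return 3; }
    web_gids=" $(id -G "$web_user") "

    # ls -ldn prints: mode links uid gid size ...
    read -r mode _links uid gid _rest <<EOF
$(ls -ldn "$dir")
EOF

    # Writable as owner (u+w) ...
    if [ "$uid" = "$web_uid" ]; then
        case $mode in ??w*) echo "ok"; return 0 ;; esac
    fi
    # ... or as a member of the directory's group (g+w).
    case $web_gids in
        *" $gid "*) case $mode in ?????w*) echo "ok"; return 0 ;; esac ;;
    esac
    echo "not-writable-by:$web_user"; return 2
}

# Constructed demo: a throwaway directory stands in for storage/framework/sessions.
demo=$(mktemp -d)
chmod 777 "$demo"; audit_session_dir "$demo" "$(id -un)" || true   # world-writable
chmod 775 "$demo"; audit_session_dir "$demo" "$(id -un)" || true   # ok
rmdir "$demo"
```
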

SETIexplorer commented 7 years ago

Was trying to resolve it for past 2 hours. Then I realized what time is it... Daylight saving time began, here, in Serbia, 2 hours ago. It is working now and, although I did reboot my laptop it works on my dev server also (without reboot). Very strange, but I'm 99% sure that it has something to do with it (CSRF token creation time)...

mnvx commented 7 years ago

@jasonmccreary Thanks, I had same problem. Problem was with incorrect values in APP_URL and SESSION_DOMAIN. Because of this session was starting after every request and there was no token in old session.

digitalhuman commented 7 years ago

Just to see how many people solved this annoying error just by reading this 'Issue' is just great! Maybe it's not the right place since it is a configuration error and not really a bug but still. People think this is an issue or a bug so, the first start look here I guess.

asanikovich commented 7 years ago

In my case the issue was related to file permissions (storage folder).

graphicalx commented 7 years ago

Had torn my hair out because of this problem until I set both APP_URL and SESSION_DOMAIN, AND restarted the apache server. So

APP_URL=http://localhost
SESSION_DOMAIN=localhost

and now it's working

If it still doesn't work, try changing the cookie name in config/session.php and of course change encrypt to true

EDIT: So some parts still didn't work. More digging later I noticed empty space at the start of my layout.blade.php and fixed that to make everything work :) And make sure you have <meta name="csrf-token" content="{{ csrf_token() }}"> And artisan cache:clear and clear cookies and restart server.

ttimot24 commented 7 years ago

The whole day is wasted to solve my token mismatch, I tried everything, still no luck. I'm so annoyed and sad.

digitalhuman commented 7 years ago

@ttimot24 i know that feeling man. That was my frustration as well. Did you try everything we pointed out here? All steps? Do you still have the issue? It's like ..... months ago? Or is this a new project?

Make sure you check: database, session and filestore. Validate your .env with the application config in the way that they don't overwrite each other. Else, drop a note.

ttimot24 commented 7 years ago

@digitalhuman It's the same project, but a different issue. I have multiple logins for users and for admins. The admin area login works fine, but the website login does not. I realised that if I go to my website and try to login, then comes the exception. If I refresh several times, it starts working. Then if I close the browser and reopen, it won't work until several tries again. It does not even reach Auth::attempt() so it's not a redirect issue. I have reg pages, profile update pages and some other forms, everything works except this login. Tried with different browsers (iexplorer, firefox, chrome, avastwebbrowser), and tried with other computers too. I'm pointless.

digitalhuman commented 7 years ago

in /config/session.php you have a setting 'session_close' or something. What value does it have?

thatguy76 commented 6 years ago

I'm looking for a life line here as I've spent more hours than I wish to mention on googling and reading threads on this issue and trying every possible solution with no luck. I've literally tried every step in this thread along with several others, multiple times, yet I still get this error.

I set homestead on a new laptop and on my desktop and then pulled a current project from git, migrated and seeded the database. But, when I try to login to admin area of the app, I get the error: TokenMismatchException in VerifyCsrfToken.php line 53.

I'm not sure what else to try here, I get the exact same error on both my desktop and laptop, any other suggestions?

asanikovich commented 6 years ago

@thatguy76

> I'm not sure what else to try here, I get the exact same error on both my desktop and laptop, any other suggestions?

Try this: In my case the issue was related to file permissions (storage folder).

thatguy76 commented 6 years ago

@allok Nothing here to try. Thanks.

frutality commented 6 years ago

Had same issue, using docker. It is really problem with permissions in my case. Solution is adding one line to php-fpm related Dockerfile: RUN usermod -u 1000 www-data

alexlhc906 commented 6 years ago

Hi! try this! (laravel 5.4) file session.php

'expire_on_close' => true

good luck!

iraklisg commented 6 years ago

@ellisio

> Just a little interesting fact: This error stopped occurring once I stopped using Vagrant and switched to Docker. :)

Interestingly, when I run my test directly on my local machine, everything works like a charm... :smiley:. However, if I run my test through docker, I get a failure Expected status code 200 but received 419. :cry:

Using $this->withoutMiddleware(); in the latter case solves the problem (test are passing) although I can't figure out why... :confused:

iraklisg commented 6 years ago

@ellisio I finally figured out what the problem was with Expected status code 200 but received 419 when running tests via docker. Specifically, my test parameters (incl. test database names, etc.) existed in a .env.testing file but I was mistakenly using the parameters defined in the .env file. By correcting this everything runs smoothly :sunglasses:

matrunchyk commented 5 years ago

Maybe this article can help someone.

pkchoudhary1211 commented 5 years ago

you all need to extend class AccessTokenController

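use Laravel\Passport\Http\Controllers\AccessTokenController as PassportAccessTokenController;
use League\OAuth2\Server\Exception\OAuthServerException;
use Psr\Http\Message\ServerRequestInterface;
// Psr7Response must also be imported: alias the PSR-7 response class your Passport version uses.

class AccessTokenController extends PassportAccessTokenController
{
    public function issueToken(ServerRequestInterface $request)
    {
        try {
            return $this->convertResponse(
                $this->server->respondToAccessTokenRequest($request, new Psr7Response)
            );
        } catch (OAuthServerException $exception) {
            // your custom logic

            // Re-throw inside Passport's error handler so the response format is unchanged.
            return $this->withErrorHandling(function () use ($exception) {
                throw $exception;
            });
        }
    }
}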

HAPPY CODING

malickatique commented 5 years ago

Try it it will solve your problem, It is because of http and https conflict. Goto "session.php" file change this: 'secure' => env('SESSION_SECURE_COOKIE', false), to this: 'secure' => true,

antonkomarev commented 5 years ago

@malickateeq you can add SESSION_SECURE_COOKIE=true to your .env file instead of changing the config file.
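
Added example (not part of any comment in this thread, and not Laravel's own code): the APP_URL / SESSION_DOMAIN comments and the SESSION_SECURE_COOKIE comments above describe the same failure, where the browser does not return the session cookie, so each request starts a new session with a new token. The shell functions below predict that from a `.env` file using simplified cookie domain matching; `env_get`, `session_cookie_check`, the result strings and the sample values are hypothetical.

```shell
# Added example: will the browser return Laravel's session cookie for PAGE_URL,
# given SESSION_DOMAIN / SESSION_SECURE_COOKIE in a .env file?
env_get() {   # env_get FILE KEY -> last value set for KEY, quotes stripped
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d "\"'\r"
}

session_cookie_check() {   # session_cookie_check ENV_FILE PAGE_URL
    url=$2
    scheme=${url%%://*}
    host=${url#*://}; host=${host%%/*}; host=${host%%:*}
    domain=$(env_get "$1" SESSION_DOMAIN); domain=${domain#.}   # leading dot ignored
    secure=$(env_get "$1" SESSION_SECURE_COOKIE)

    # A Secure cookie is not sent over plain http
    # (some browsers exempt http://localhost; that is not modelled here).
    if [ "$secure" = "true" ] && [ "$scheme" != "https" ]; then
        echo "secure-cookie-over-http"; return 1
    fi
    # Unset or "null" SESSION_DOMAIN: host-only cookie, returned to the same host.
    if [ -z "$domain" ] || [ "$domain" = "null" ]; then echo "ok"; return 0; fi

    # IP literals must match exactly; names may also match as a subdomain.
    case $host in *[!0-9.]*) is_ip=0 ;; *) is_ip=1 ;; esac
    case $host in
        "$domain") echo "ok"; return 0 ;;
        *".$domain") [ "$is_ip" = 1 ] || { echo "ok"; return 0; } ;;
    esac
    echo "domain-mismatch"; return 1
}

# Constructed sample .env (illustrative values, not from a real project).
env_file=$(mktemp)
cat > "$env_file" <<'EOF'
APP_URL=http://localhost
SESSION_DOMAIN=localhost
SESSION_SECURE_COOKIE=false
EOF
session_cookie_check "$env_file" http://localhost:8000/register || true   # ok
session_cookie_check "$env_file" http://127.0.0.1:8000/register || true   # domain-mismatch
rm -f "$env_file"
```
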

PinGoDev commented 3 years ago

I emptied the /storage/framework/sessions folder and it works for me.