J W

Reputation: 2861

TokenMismatch ONLY Certain Browsers - Laravel 5 Fresh/Production

One example browser: IE 11: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

Session started at 22:46:56. Fills out form. Submits form at 22:53:18, gets TokenMismatchException. So only 6 minutes later.

Session Started:

Apr 02 22:46:56 production.INFO: Session {"start":1428040016,"id":"8040cc779df0330855f8fa30483af63557aaf9c4","token":"L3nU4ehseV5w1iXy86g18FsgnVs6sAcDNjTUZ5QV","ip":"74.XX","method":"GET","url":"https://sub.domain.com/place-st","ua":"Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"} []

User submits form 6 minutes later:

Apr 02 22:53:18 production.DEBUG: REQUEST SESSION token: 8L3pba9ALBVBcrvIPM5wnTl7bP0slSIrjCAkfWzh [] []
Apr 02 22:53:18 production.DEBUG: REQUEST INPUT _token: L3nU4ehseV5w1iXy86g18FsgnVs6sAcDNjTUZ5QV [] []
Apr 02 22:53:18 production.DEBUG: REQUEST HEADER X-CSRF-TOKEN: [] []
Apr 02 22:53:18 production.DEBUG: REQUEST HEADER X-XSRF-TOKEN: [] []
Apr 02 22:53:18 production.DEBUG: REQUEST URL: https://sub.domain.com/requests/post [] []

Server Vars:

Apr 02 22:53:18 production.DEBUG: array ( 'USER' => 'forge', 'HOME' => '/home/forge', 'FCGI_ROLE' => 'RESPONDER', 'APP_ENV' => 'production', 'QUERY_STRING' => '', 'REQUEST_METHOD' => 'POST', 'CONTENT_TYPE' => 'application/x-www-form-urlencoded', 'CONTENT_LENGTH' => '867', 'SCRIPT_FILENAME' => '/home/forge/doamin.com/public/index.php', 'SCRIPT_NAME' => '/index.php', 'REQUEST_URI' => '/requests/post', 'DOCUMENT_URI' => '/index.php', 'DOCUMENT_ROOT' => '/home/forge/doamin.com/public', 'SERVER_PROTOCOL' => 'HTTP/1.1', 'GATEWAY_INTERFACE' => 'CGI/1.1', 'SERVER_SOFTWARE' => 'nginx/1.6.2', 'REMOTE_ADDR' => '74.XX', 'REMOTE_PORT' => '56563', 'SERVER_ADDR' => '104.XX', 'SERVER_PORT' => '443', 'SERVER_NAME' => 'doamin.com', 'HTTPS' => 'on', 'REDIRECT_STATUS' => '200', 'HTTP_ACCEPT' => 'text/html, application/xhtml+xml, */*', 'HTTP_REFERER' => 'https://sub.domain.com/place-st', 'HTTP_ACCEPT_LANGUAGE' => 'en-US', 'HTTP_USER_AGENT' => 'Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko', 'HTTP_CONTENT_TYPE' => 'application/x-www-form-urlencoded', 'HTTP_ACCEPT_ENCODING' => 'gzip, deflate', 'HTTP_HOST' => 'sub.domain.com', 'HTTP_CONTENT_LENGTH' => '867', 'HTTP_CONNECTION' => 'Keep-Alive', 'HTTP_CACHE_CONTROL' => 'no-cache', 'PHP_SELF' => '/index.php', 'REQUEST_TIME_FLOAT' => 1428040398.7879851, 'REQUEST_TIME' => 1428040398, ) [] []

Session/Cookie

Apr 02 22:53:18 production.DEBUG: REQUEST PATH: requests/post [] []
Apr 02 22:53:18 production.DEBUG: COOKIE: array ( ) [] []
Apr 02 22:53:18 production.DEBUG: SESSION: array ( '_token' => '8L3pba9ALBVBcrvIPM5wnTl7bP0slSIrjCAkfWzh', ) [] []

HTTP Request:

Apr 02 22:53:18 production.DEBUG: POST /requests/post HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Cache-Control: no-cache
Connection: Keep-Alive
Content-Length: 867
Content-Type: application/x-www-form-urlencoded
Host: sub.domain.com
Referer: https://sub.domain.com/place-st
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

_token=L3nU4ehseV5w1iXy86g18FsgnVs6sAcDNjTUZ5QV&var=value&var2=value2&etc... [] []

Upvotes: 6

Views: 1243

Answers (3)

Laurence

Reputation: 60048

This sounds a lot like this known issue with Laravel: https://github.com/laravel/framework/issues/8172

The cause is not yet known, and it has been going on for a while. There are a lot of smart people looking into it - but the apparent randomness of the issue is making it difficult to debug.

I suggest you contribute your information to that ticket and keep an eye there for further information. Specifically we need as much information about your server config and app config as possible - so we can try to replicate the issue. So far the exact method to replicate is not known, making a fix difficult.

Upvotes: 2

mirza

Reputation: 5793

It could be a long shot, but the source of the problem could be IE's compatibility mode, with those modes using different sessions.

Can you try adding this line at the top of the GET and POST pages:

header("X-UA-Compatible: IE=Edge");

Upvotes: 0

Margus Pala

Reputation: 8663

Most likely the issue is not related to browsers. I believe that there are some people who wait too long and the session expires. After submitting the form with an expired session, the TokenMismatchException happens.

For debugging, you can log when each session is created to see whether it was supposed to be expired, and you can also play with the session lifetime in session.php.

Upvotes: 0
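
An added example (not part of any post above, and not Laravel code): a Python triage of the debug fields the question logs, separating the expired-session case raised in the last answer from a POST that arrived without any session cookie. The function names, the labels returned, and the 120-minute value standing in for the lifetime in session.php are assumptions; the sample lines are condensed from the question's log.

```python
import re

# Constructed sample: the question's debug lines, trimmed to the fields used here.
SAMPLE_LOG = """\
Apr 02 22:46:56 production.INFO: Session {"start":1428040016,"id":"8040cc779df0330855f8fa30483af63557aaf9c4","token":"L3nU4ehseV5w1iXy86g18FsgnVs6sAcDNjTUZ5QV"} []
Apr 02 22:53:18 production.DEBUG: REQUEST SESSION token: 8L3pba9ALBVBcrvIPM5wnTl7bP0slSIrjCAkfWzh [] []
Apr 02 22:53:18 production.DEBUG: REQUEST INPUT _token: L3nU4ehseV5w1iXy86g18FsgnVs6sAcDNjTUZ5QV [] []
Apr 02 22:53:18 production.DEBUG: COOKIE: array ( ) [] []
Apr 02 22:53:18 production.DEBUG: array ( 'REQUEST_METHOD' => 'POST', 'REQUEST_TIME' => 1428040398, ) [] []
"""


def parse(log):
    """Extract the triage fields from the asker's custom debug log format."""
    def grab(pattern, cast=str):
        m = re.search(pattern, log)
        return cast(m.group(1)) if m else None

    return {
        "issued_at": grab(r'"start":(\d+)', int),            # session start (epoch)
        "issued_token": grab(r'"token":"([^"]+)"'),           # token rendered into the form
        "session_token": grab(r"REQUEST SESSION token: (\S+)"),
        "input_token": grab(r"REQUEST INPUT _token: (\S+)"),
        "request_time": grab(r"'REQUEST_TIME' => (\d+)", int),
        "cookies": grab(r"COOKIE: array \((.*?)\)"),          # blank when no cookie was sent
    }


def classify(f, lifetime_minutes=120):
    """lifetime_minutes is an assumed stand-in for the lifetime set in session.php."""
    if f["input_token"] == f["session_token"]:
        return "match"
    age = f["request_time"] - f["issued_at"]
    if age > lifetime_minutes * 60:
        return "expired"        # form submitted after the session lifetime ran out
    if f["input_token"] == f["issued_token"] and not (f["cookies"] or "").strip():
        return "no-cookie"      # valid form token, but the request carried no cookies
    return "other"


if __name__ == "__main__":
    fields = parse(SAMPLE_LOG)
    print(fields["request_time"] - fields["issued_at"], "seconds ->", classify(fields))
```

On the quoted request this returns no-cookie: the form token equals the one issued 382 seconds earlier, but the POST was logged with an empty cookie array and the session token it was compared against is a different one.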
