Laravel 5.4 TokenMismatchException (Chrome)

Question

I faced a problem with Laravel 5.4 in POST routes.

When the form submitted, the error TokenMismatchException was shown.

I thought it was about PrefixVariable so I opened this issue on Github. But after testing too much and trying different solutions, I've figured out that the problem wasn't made by Prefix.

Everything in Firefox is OK, the main problem occurs in chrome. The Post routes only work once, after submitting the first form, all the next requests to same URL face TokenMismatchException error.

I've tried followings:

• Clearing Chrome cookies and history
• Running php artisan cache:clear command
• Changing Serve port
• Prevent caching in PHP with headers
• Prevent caching in HTML with Meta Tags

But the problem still exists.

What's wrong exactly?! It would be appreciated if you help me.

Login Form:

<form method="post" action="{{route('login')}}">
    {!! csrf_field() !!}
    <div class="row">
        <div class="col-xs-12">
            <div class="form-group no-margin">
                <div class="col-xs-6 col-md-10 col-md-offset-1">
                    <input name="username" type="text" class="form-control" placeholder="نام کاربری" value="{{old('username')}}">
                </div>
            </div>
            <div class="form-group no-margin">
                <div class="col-xs-6 col-md-10 col-md-offset-1">
                    <input name="password" type="password" class="form-control" placeholder="کلمه عبور">
                </div>
            </div>
        </div>
        <div class="col-xs-12">

            <div class="form-group no-margin">
                <div class="col-xs-5 col-md-offset-1">
                    <input name="captcha" type="text" class="form-control" placeholder="کپچا">
                </div>
                <div class="col-xs-5 no-pad-right">
                    <img src="{{captcha_src('flat')}}" class="img-responsive">
                </div>
            </div>
        </div>
        <div class="col-xs-12 text-center">
            <div class="form-group">
                <button type="submit" class="btn btn-success btn-raised">ورود<div class="ripple-container"></div></button>
                <button type="reset" class="btn btn-danger btn-raised">انصراف<div class="ripple-container"></div></button>
            </div>
        </div>
    </div>
</form>

web.php

Route::group(['prefix' => config('system.ADMIN_PATH'), 'namespace' => 'Panel'], function(){
    Route::get('/', function(){return redirect()->route('login');});
    Route::get('/auth', 'AuthController@Login')->name('login');
    Route::post('/auth', 'AuthController@Auth')->name('check');
});

AuthController.php:

namespace App\Http\Controllers\Panel;

use Illuminate\Http\Request;
use Illuminate\Routing\Controller;

class AuthController extends Controller
{
    public function Login(Request $request)
    {
        header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
        header("Cache-Control: post-check=0, pre-check=0", false);
        header("Pragma: no-cache");

        return view('admin.login');
    }

    public function Auth(Request $request)
    {
        header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
        header("Cache-Control: post-check=0, pre-check=0", false);
        header("Pragma: no-cache");
        dump($request->all());
        echo "Received";
    }
}

Answer 1

In my case, I have this problem in my online host, not localhost, using laravel 8. So your solution did not work for me

I found that google chrome (only G chrome) treats http://web.com and https://web.com differently. It generates two different sessions for HTTP and HTTPS.

In my site, I logged in with HTTPS and all links with HTTPS had session correctly! But when using HTTP you have different session and can't login.

I changed all links in my site and in default of Laravel to HTTPS and it solved the issue.

Answer 2

This is not a problem with laravel, it's with chrome.

because chrome don't save cookie (reference) for localhost so laravel cant save session id, That's why can't load created session. so it is regenerating.

for test this matter you can remove all storaged session 's and reload your page. if in session storage folder two session file created then this is solution for you.

soloution:

use 127.0.0.1 ip instead of localhost.

that's worked for me. test it.!

Answer 3

I figured out what is the solution!

I was trying to clear the cookies from History in Settings before. I erased XSRF-TOKEN cookie from Inspect Element > Application Tab > Storage (Left side) > Cookies > localhost:portand after doing that, everything was fine.

Answer 4

Tell me one thing have you checked layout file with below code as default laravel app.blade.php has provided at the time of installation.

<!-- CSRF Token -->
<meta name="csrf-token" content="{{ csrf_token() }}">


<script>
    window.Laravel = {!! json_encode([
        'csrfToken' => csrf_token(),
    ]) !!};
</script>

Answer 5

Please reffer this link.May be it will help you.

https://github.com/laravel/framework/issues/15040