laravel 5.5 The page has expired due to inactivity. Please refresh and try again

Question

I'm new with Laravel and I have a problem which I don't understand. I have а log form in my project and my method is POST. When I try a request the result is:

'The page has expired due to inactivity. Please refresh and try again.'

But if I change the method to GET, It works fine.

Can someone tell me why is that and how to fix it? because of course I need POST method.

Answer 1

Some time its issue with the server storage. In my case server storage was full so it could not write any session to file.So freeing out some server storage solved the issue. Also sometimes it the issue of csrf if we forget to include csrf in post field.

Answer 2

This is very simple for me. maybe the sessions folder is missing in storage/framework/sessions

Answer 3

In my case, it seems to be an issue in my web browser (Firefox for Android) or my smartphone with full storage. In another browsers and devices it works. By the way, the issue happens only when I send files through the form, I realized I currently can't upload files from my smartphone through this browser in any websites like https://filebin.net.

Answer 4

In my case, there was 'space' before <?php in one of my config file. This solved my issue.

Answer 5

if your config is set: SESSION_DRIVER=file you have to check if your session directory is writable. Check storage/framework/session

Answer 6

I recently went through this problem, tried all the solutions proposed here (and the internet) without success for 5 days.

In my case my environment:

Laravel: 5.5

PHP: 7.2

SSL: production

Apache

CENTOS

The problem is that I had automated the deployment using the git --bare repository with ansimble.

And all folders when pushing were with permission 0775 (inherited from the git user). When ansinble was run it replicated this permission to all folders. When composing install for example, all vendor folders also had this permission.

The csrf, has a policy of blocking what is considered insecure, especially if you use an encrypted environment (SSL).

I only realized the problem when I decided to carry out the deployment manually, zipped the project, uploaded it, unzipped it and ran the commands to generate the caches and dependencies. And then I realized that this way all folders were with permission 0755 (inherited from the system user). And this is the default permission that is considered safe.

Answer 7

If anyone still looking for an answer to this issue. For me it happens when I'm switching between local and production server and I'm logged on both sites. To fix the issue, just clear the session.

just set the 'expire_on_close' => true in config\session.php and restart your browser

Answer 8

Excluding URIs From CSRF Protection:

Sometimes you may wish to exclude a set of URIs from CSRF protection. For example, if you are using Stripe to process payments and are utilizing their webhook system, you will need to exclude your Stripe webhook handler route from CSRF protection since Stripe will not know what CSRF token to send to your routes.

Typically, you should place these kinds of routes outside of the web middleware group that the RouteServiceProvider applies to all routes in the routes/web.php file. However, you may also exclude the routes by adding their URIs to the $except property of the VerifyCsrfToken middleware:

<?php

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;

class VerifyCsrfToken extends Middleware
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        'stripe/*',
        'http://example.com/foo/bar',
        'http://example.com/foo/*',
    ];
}

Answer 9

I had the same problem, I have tried many solutions. but none worked for me. then I found out that for some reason I was using this in my .env file:

SESSION_DOMAIN= myapp.me

and as soon as I put it back to null, everything worked just fine.

Answer 10

1. It may be csrf token do not have in your form. You have to use @crsf or {{ csrf_field() }}

2. If you are use csrf on your form. It may be cache. Clear your app cache.

   php artisan cache:clear
   php artisan view:clear
   php artisan cache:clear
   

   And clear your browser cache.

3. If errors again show you, then create a new key

   php artisan key:generate
   

Answer 11

If you have already included the CSRF token in your form. Then you are getting the error page possibly because of cache data in your form.

Open your terminal/command prompt and run these commands in your project root.

1. php artisan cache:clear
2. php artisan config:clear
3. php artisan route:clear
4. php artisan view:clear,

Also try to clear the browser cache along with running these commands.

Answer 12

if you need to change form action with Javascript you will have the same problem

1.first you need to use instead of {!!Form::open() !!} {!! close() !!} in laravel
2.second you most begin your action with https://www.example.com +your Route

Do not Forget www in your url!!!

Answer 13

First, include csrf in your form.

{{ csrf_field() }}

if the problem didn't solve, then use ob_start(); at the very start of index.php.

<?php ob_start();

Answer 14

Just add @csrf inside your form tag.

Or you can include csrf_token in the header to send it with every request.

Answer 15

Anytime you define an HTML form in your application, you should include a hidden CSRF token field in the form so that the CSRF protection middleware can validate the request. You may use the csrf_field helper to generate the token field:

<form method="POST" action="/profile">
    {{ csrf_field() }}
    ...
</form>

It doesn't work, then Refresh the browser cache and now it might work,

For more details open link :- CSRF Protection in Laravel 5.5

UPDATE:

With Laravel 5.6 using Blades templates, it's pretty easy.

<form method="POST" action="/profile">
    @csrf
    ...
</form>

For more details open link :- CSRF Protection in Laravel 5.6

Answer 16

This problem comes from the CSRF token verification which fails. So either you're not posting one or you're posting an incorrect one.

The reason it works for GET is that for a GET route in Laravel, there is no CSRF token posted.

You can either post a CSRF token in your form by calling:

{{ csrf_field() }}

Or exclude your route (NOT RECOMMENDED DUE TO SECURITY) in app/Http/Middleware/VerifyCsrfToken.php:

protected $except = [
    'your/route'
];

Answer 17

Go into App/Kernel.php and comment \App\Http\Middleware\VerifyCsrfToken::class.

Answer 18

my problem solved by just adding @csrf in form tag

Laravel 5.6 doesn't support {{ csrf_field() }} just add @csrf in place of {{ csrf_field() }}

larvel_fix_error.png

Answer 19

In my case, I've got the same error message and then figured out that I've missed to add csrf_token for the form field. Then add the csrf_token.

Using form helper that will be,

{{ csrf_field() }}

Or without form helper that will be,

<input type="hidden" name="_token" value="{{ csrf_token() }}">

If that doesn't work, then-

Refresh the browser cache

and now it might work, thanks.

Update For Laravel 5.6

Laravel integrates new @csrf instead of {{ csrf_field() }}. That looks more nice now.

<form action="">
   @csrf
   ...
</form>

Answer 20

Still anyone have this problem, use following code inside your form as below.

 echo '<input type = "hidden" name = "_token" value = "'. csrf_token().'" >';

Answer 21

Tried different solutions to solve the problem for several weeks without success.

The problem I was facing was caused by upgrading from laravel 5.0 to 5.5 and forgot to update config/session.php

If anyone is facing the problem, try to update the config/session.php to match the version on Laravel you are running

Answer 22

I know this question has been satisfactorily answered, but I wanted to mention a fix that worked in my case. I added {{ csrf_field() }} and it still didn't work.

Then I remembered that I blocked all cookies for development purposes, which can be nice when you change the page and want to refresh it.

Once I changed the settings to stop blocking all cookies in MS Edge browser the problem went away.

Answer 23

Place {{csrf_field()}} Into your form tag

Answer 24

In my case , I added ob_start(); at the top of my index.php on server and everything seems to be working fine.

Answer 25

I was facing the same error so i just removed this line from my .env file

SESSION_DRIVER=yourwebsite.com

Answer 26

Verify that your config/session.php file contains this line

'domain' => env('SESSION_DOMAIN', null),

Then remove the SESSION_DOMAIN line in your .env file

Answer 27

We got it working by copying the routes from Router.php instead of using Auth::routes(), these are the routes you need:

Route::get('login', 'Auth\LoginController@showLoginForm')->name('login');
Route::post('login', 'Auth\LoginController@login');
Route::post('logout', 'Auth\LoginController@logout')->name('logout');

// Registration Routes...
Route::get('register', 'Auth\RegisterController@showRegistrationForm')->name('register');
Route::post('register', 'Auth\RegisterController@register');

// Password Reset Routes...
Route::get('password/reset', 'Auth\ForgotPasswordController@showLinkRequestForm')->name('password.request');
Route::post('password/email', 'Auth\ForgotPasswordController@sendResetLinkEmail')->name('password.email');
Route::get('password/reset/{token}', 'Auth\ResetPasswordController@showResetForm')->name('password.reset');
Route::post('password/reset', 'Auth\ResetPasswordController@reset');

Answer 28

Just place this code inside the form

<input type = "hidden" name = "_token" value = "<?php echo csrf_token() ?>" />

Answer 29

It's Funny but it works for me. i realised this is Caused because of default HTML TAG in laravel code. Use /* */ or {{-- --}} instead

Or Try to Remove Recently Html Coment in you code... Or change Html Comment to Php Comment... Or try to run Any Worng artisan command like php artisan clean browser And See if it output any HTML Commented data along with it error...

Answer 30

In my case the same problem was caused because I forgot to add > at the end of my hidden input field, like so: <input type="hidden" name="_token" value="{{ Session::token() }}"

So, I fixed it by adding it:

<input type="hidden" name="_token" value="{{ Session::token() }}">