How to solve "CSRF Token Mismatch" in Laravel

Question

I am working on a laravel application. Upon hosting it on my domain, I am running into a "CSRF token mismatch" error. Locally, the application is working fine because I have included the csrf token in the header as shown in the documentation. Therefore, the csrf token is being generated successfully and being included in the header of requests. On doing some debugging, I changed the SESSION_DRIVER in env file to file so that I can see the sessions. I realized that multiple sessions are being generated for one user. The SESSION_LIFETIME is set to 120, which I believe is okay. In looking at the tokens in the sessions stored in storage/framework/sessions, none contains the token that is generated by the browser. What could be the issue? Remember that it is working fine locally. What configurations on the host domain could be affecting the sessions of the application.

you upload this project on live server recently? If so, then clear everyting `php artisan config:clear` , `php artisan route:clear` , `php artisan view:clear` , `php artisan cache:clear` then try again. I faced the same problem, after found that my liver server still using my local cache files, which i used fin development server — STA, Jul 18 '20 at 10:05
The session is loaded by reading the session cookie and finding the session with the corresponding session id. If the cookie is not sent or contains a session id that expired then a new session is created. I would take a look at how the session cookie looks like first of all — apokryfos, Jul 18 '20 at 10:09
I just realized that every reload, which means a new request, a new token is generated. I realized that by inspecting the meta element that has the csrf token. This only happens in the live server. How can i sort that? What could be the issue considering that it is working fine locally? — Mutevu, Jul 18 '20 at 10:23
Does this answer your question? [Laravel 5.4 Token Mismatch Exception on live server](https://stackoverflow.com/questions/46279779/laravel-5-4-token-mismatch-exception-on-live-server) — OMi Shah, Nov 10 '22 at 16:46

Meeraj Adhikari · Accepted Answer · 2022-06-14T16:14:36.293

18

I once ran into the same error while hosting in the cPanel and took me almost 3days to figure out the solution for my case. I do not know if this works for you but give it a try.

Inside your main index.php file inside the public folder, edit it and at the very top after starting PHP tags, write

ob_start()

This function will take the contents of the output buffer and returns a string that is to be sent to the browser for rendering and removes the spaces or line breaks you put before starting PHP.

Also, try clearing the cache as suggested in the comments.

Let me know if this helps you as well.

edited Jun 14 '22 at 16:14

answered Jul 18 '20 at 10:48

Meeraj Adhikari

362
5
15

Thank you very much. That sorted my problem satisfactorily. Been stuck for days. Thanks again! – Mutevu Jul 18 '20 at 11:01
but what dould be the proble? i had a same issue on my server laravel project – Faiz Sandhi Aug 29 '20 at 12:13
The problem can be something like spaces or line breaks at the very beginning of your php files before you even start the php tags or something more similar to this. This perhaps results in the error as in the question. For more detail information, you can research on why ob_start is used at the very beginning of the php files. – Meeraj Adhikari Aug 29 '20 at 12:24
you save rest of my days xD – Hassan Elshazly Eida Sep 27 '21 at 02:49
thanks man, you have saved my hole days, trying to figure it out for last 3days. – Sharifur Robin Dec 19 '21 at 14:35
thanks a billion, it's saved my day – Shibbir Ahmad Aug 25 '22 at 17:36

score 4 · Answer 2 · edited Aug 08 '21 at 03:50

Add the following line to the head tag.

<meta name="csrf-token" content="{{ csrf_token() }}"> // Add in <head></head>

Then get you can get this content attribute in Laravel. Also, in your script tag, add the following code (this is to make sure when you submit the form, you get the correct csrf_token).

$.ajaxSetup({
    headers: {
        'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
    }
});

score 3 · Answer 3 · answered Aug 06 '21 at 14:23

I had this very same problem, receiving the "CSRF Token Mismatch" exception in Laravel 7, having fixed everything else, like setting the csrf token on page header, in ajax requests, clearing the cache, anything you can think of and usually find in solution proposals.

So, if anyone ever runs into this, I haven't found this solution anywhere else, and it really cost me hours.

I had called the application on the wrong URL!

I used my local IP literally, instead of using the word "localhost".

So, if you're developing locally, calling you app with your IP, try calling it on http://localhost!

Thank you – this was really helpful! In my case, wthe culprit was the redundant trailing forward slash in `APP_URL` in `.env` file! — HynekS, Jul 22 '22 at 08:33

score 0 · Answer 4 · answered Nov 15 '21 at 02:32

0

Unlike @cslotty, in my case I actually had to change my URL from 'localhost' to '127.0.0.1' for it to work. My frontend is in React and the backend in Laravel 8.

answered Nov 15 '21 at 02:32

sookwalinga

21
5

score 0 · Answer 5 · answered Jun 09 '22 at 15:29

0

I faced this issue. I found the solution in Laravel document itself.

We can add $csrf after the form element

<form method="POST" action="/profile">
@csrf

  //input fields here
</form>

answered Jun 09 '22 at 15:29

Muhammed Shihabudeen Labba A

587
6
21

How to solve "CSRF Token Mismatch" in Laravel

5 Answers5

Linked