8

I'm getting this error when I try to use auth in Laravel 5.2. This happened after moving to the live server. On my local server everything works fine.

The token inside the form and Session::token() are the same.

UPD: I put dd($request) in laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php

and the _token value does NOT match the _token input that is in the form.

I tried:

  • Disabled CSRF for auth routes, added the routes to the except array in Midd/VerifyCsrfToken.php.
  • Set 777 rights on the /storage and /bootstrap folders.
  • Used {!! csrf_field() !!} and <input type="hidden" name="_token" value="{{ csrf_token() }}">.
  • Changed domain in config/session.php.
  • php artisan key:generate.
  • Re-installed Auth.

Also, on routes where I have middleware = auth.basic I'm getting "Invalid credentials" even without being asked to log in first.

On my local server it works fine.

Zoe
zm_fans
  • Check Laravel's session directory. Maybe you do not have permission to write. – Tam Nguyen Oct 27 '16 at 10:39
  • The storage folder and all folders inside have 777 rights, also when I delete all files from the session directory they appear again. – zm_fans Oct 27 '16 at 10:52
  • Did you try this: http://stackoverflow.com/questions/34866404/tokenmismatchexception-in-verifycsrftoken-php-line-67 – Tam Nguyen Oct 27 '16 at 10:57
  • If you use the same domain for the local and live server, clearing your web cookies will fix it. – Tam Nguyen Oct 27 '16 at 11:00
  • I have tried everything from that article, my local env on my laptop, but prod on a remote server. – zm_fans Oct 27 '16 at 11:05
  • Take a look at this: https://github.com/laravel/framework/issues/14879 – Wistar Oct 27 '16 at 14:21
  • I know this isn't the best thing to do, but you can exclude specific routes from using the CSRF token. In the VerifyCsrfToken.php file under the Middleware directory you can add the route to the protected $except array, but you should use this as a last resort. – Yeak Oct 31 '16 at 22:29
  • I have the same problem, please help us. – Punit Gajjar Dec 16 '16 at 06:26
  • Did you manage to solve it? I am having the same issue @Punit.. – Saqueib Apr 02 '17 at 12:06
  • @Saqueib, unfortunately nope, I had to leave that project. – Punit Gajjar Apr 03 '17 at 04:43
  • Now I'm getting this error: TokenMismatchException in compiled.php line 3227, but if I put the /login route in the $except variable in VerifyCsrfToken.php, then after login with the right credentials it redirects me to /admin, then after 1 second back to login. On my local server everything works well. – zm_fans Jul 03 '17 at 07:51
  • Did you try **php artisan cache:clear** and then **composer dump:autoload**? – Wdy Dev Jul 13 '17 at 22:15
  • I did, but it does not help. – zm_fans Jul 16 '17 at 06:11
  • I had the same problem just with my test server, but the production server works fine. Now, when I try it in a new incognito window of my browser, it also works fine with my test server! Then I deleted all the cache and cookies of that domain and now all works fine! – matthiku Jun 25 '18 at 13:27

2 Answers

0

Does your handler look like this?

<?php 
...
public function handle( $request, Closure $next )
{
    if (
        $this->isReading($request) ||
        //$this->runningUnitTests() ||
        $this->shouldPassThrough($request) ||
        $this->tokensMatch($request)
    ) {
        return $this->addCookieToResponse($request, $next($request));
    }

    // redirect the user back to the last page and show error
    return Redirect::back()->withErrors('Sorry, we could not verify your request. Please try again. (You waited too long to submit your form)');
}
Lucas
  • I did not change my handler. The problem is only on the prod server, on the local server everything works fine. I think it is something with the server itself or the configs. If I add the login route to $except in /Middleware/VerifyCsrfToken.php, after a successful login the script redirects to /admin (the credentials are right), then straight after that again to /login. – zm_fans Jul 31 '17 at 05:43
  • Right, sorry about that. Are you using FastCGI on the production server? If so, you'll need this in your .htaccess for it to work correctly. RewriteCond %{HTTP:Authorization} ^(.+)$ RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] – Lucas Jul 31 '17 at 18:08
  • Yes, I have Server API : CGI/FastCGI, and I also have these lines in my .htaccess file. – zm_fans Aug 01 '17 at 05:09
  • I have fixed this issue, the problem was one space in AuthController before namespace App\Http\Controllers\Auth; But now I've got another problem, Auth::check() always returns false, so my Admin middleware doesn't work. – zm_fans Aug 01 '17 at 06:51
  • Awesome, that's progress. Is there a message with Auth::check()? Have you tried the shortcut function auth()->check()? – Lucas Aug 01 '17 at 17:47
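
The fix reported in the comments above was a stray space in a controller file. Bytes that sit outside the PHP tags are sent as output, and once output has started the session cookie header can no longer be sent unless `output_buffering` absorbs it. The following script is an added example, not code from the thread, that lists such files; the file name `find_stray_output.php` and the default directories are assumptions.

```php
<?php
// Added example (PHP 7.1+). Usage: php find_stray_output.php [dir ...]

/** Bytes before the first opening tag, or null when the file starts cleanly. */
function leadingOutput(string $src): ?string
{
    if (strncmp($src, '#!', 2) === 0) { return null; } // CLI script with a shebang
    $pos = strpos($src, '<?php');
    return ($pos === false || $pos === 0) ? null : substr($src, 0, $pos);
}

/** Whitespace left after a final closing tag, or null when there is none. */
function trailingOutput(string $src): ?string
{
    $pos = strrpos($src, '?>');
    if ($pos === false) { return null; }
    // PHP itself swallows one newline directly after the closing tag.
    $rest = preg_replace('/^\r?\n/', '', substr($src, $pos + 2));
    return ($rest !== '' && trim($rest) === '') ? $rest : null;
}

/** Walk the directories and describe every class/config file with stray bytes. */
function scan(array $dirs): array
{
    $hits = [];
    foreach (array_filter($dirs, 'is_dir') as $dir) {
        $files = new RecursiveIteratorIterator(
            new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS)
        );
        foreach ($files as $file) {
            $name = $file->getFilename();
            if (substr($name, -4) !== '.php' || substr($name, -10) === '.blade.php') {
                continue; // Blade templates legitimately start with markup
            }
            $src = file_get_contents($file->getPathname());
            $found = ['before' => leadingOutput($src), 'after' => trailingOutput($src)];
            foreach (array_filter($found, 'is_string') as $where => $bytes) {
                $hits[] = sprintf('%s: %d byte(s) %s the PHP tags (hex %s)',
                    $file->getPathname(), strlen($bytes), $where, bin2hex(substr($bytes, 0, 8)));
            }
        }
    }
    return $hits;
}

// Default directories assume a Laravel 5.x project root as the working directory.
$hits = scan(array_slice($argv, 1) ?: ['app', 'config', 'bootstrap']);
echo $hits ? implode("\n", $hits) . "\n" : "no stray output found\n";
exit($hits ? 1 : 0);
```

A hex prefix of `20` is a space and `efbbbf` is a UTF-8 byte order mark.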
0

Try this, it will solve your problem. It is because of an http and https conflict.

Go to the "session.php" file and change this:

'secure' => env('SESSION_SECURE_COOKIE', false),

to this:

'secure' => true,
Zoe
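
Whether the session cookie comes back on the next request depends on its attributes matching how the page is loaded; when it does not come back, a new session is started and the form token no longer matches. The following is an added example, not code from the answer, that checks a Set-Cookie line against a request URL; the header strings and hostnames are constructed.

```php
<?php
// Added example (PHP 7.1+). Header strings and hostnames below are constructed.

/** Parse one Set-Cookie header value into the attributes that decide delivery. */
function parseSetCookie(string $header): array
{
    $parts = array_map('trim', explode(';', $header));
    $cookie = ['name' => explode('=', array_shift($parts), 2)[0],
               'secure' => false, 'domain' => null, 'path' => '/'];
    foreach ($parts as $attr) {
        list($key, $val) = array_pad(explode('=', $attr, 2), 2, '');
        switch (strtolower(trim($key))) {
            case 'secure': $cookie['secure'] = true; break;
            case 'domain': $cookie['domain'] = ltrim(strtolower(trim($val)), '.'); break;
            case 'path':   $cookie['path'] = trim($val) ?: '/'; break;
        }
    }
    return $cookie;
}

/** Return the reasons a browser would NOT send $cookie with a request to $url. */
function reasonsNotSent(array $cookie, string $url): array
{
    $u = parse_url($url);
    $host = strtolower($u['host'] ?? '');
    $path = $u['path'] ?? '/';
    $why = [];
    if ($cookie['secure'] && ($u['scheme'] ?? '') !== 'https') {
        $why[] = 'Secure flag set but the request is not https';
    }
    $d = $cookie['domain'];
    if ($d !== null && $d !== '' && $host !== $d && substr($host, -strlen($d) - 1) !== ".$d") {
        $why[] = "Domain=$d does not cover host $host";
    }
    $cp = rtrim($cookie['path'], '/');
    if ($path !== $cp && strpos($path, "$cp/") !== 0) {
        $why[] = "Path={$cookie['path']} does not cover $path";
    }
    return $why;
}

$cases = [ // constructed samples: secure over http, secure over https, wrong domain
    ['laravel_session=abc; path=/; secure; httponly', 'http://shop.example/login'],
    ['laravel_session=abc; path=/; secure; httponly', 'https://shop.example/login'],
    ['laravel_session=abc; path=/; domain=localhost; httponly', 'https://shop.example/login'],
];
foreach ($cases as list($header, $url)) {
    $why = reasonsNotSent(parseSetCookie($header), $url);
    echo $url, ' <- ', $header, "\n  ", $why ? implode('; ', $why) : 'cookie is sent', "\n";
}
```

To check a real deployment, paste the Set-Cookie line from the login page's response headers and the URL from the address bar into `$cases`.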