We have developed a website in Laravel 5.3, but only IE/Edge browsers have problem submitting forms (TokenMismatchException).

I tried some ways to fix it, like this: TokenMismatchException in Edge and IE 11 with Laravel 5 App. However, P3P policy is no longer supported by IE11/Edge on Windows 10. Reference

I found the problem is that IE11/Edge stores duplicate cookies with the same key name (as a string), although $_COOKIE stores only one for each key (as an array).

For example,

$_SERVER['HTTP_COOKIE'] = "laravel_session=aaaaa; laravel_session=bbbb"
$_COOKIE = array('laravel_session' => 'aaaaa')

I used the basic web middleware, such as

'web' => [
    \App\Http\Middleware\EncryptCookies::class,
    \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
    \Illuminate\Session\Middleware\StartSession::class,
    \Illuminate\View\Middleware\ShareErrorsFromSession::class,
    \App\Http\Middleware\VerifyCsrfToken::class,
],

Basically, the Laravel request tries to use the value in $_COOKIE, but sometimes it is not the right one.

In that case, Laravel fails to decrypt the value (a "MAC is invalid" error occurs in the EncryptCookies middleware), so $request->cookies for the key becomes null, and TokenMismatchException is thrown in the VerifyCsrfToken middleware.

Does anyone know when IE11/Edge stores duplicate cookies for the same key, and how we can avoid it? I cannot find a specific way to make the problem happen, but it often happens in IE/Edge.

Here are some more references that may be related to this issue:

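A diagnostic for the situation described in the question, as an added example that is not part of the original post: it parses the raw Cookie header and logs any cookie name the browser sent more than once, recording only a hash prefix of each value so session identifiers stay out of the logs. The function names and the fallback sample header are constructed for illustration, and the code avoids PHP 7-only syntax.

```php
<?php
// Added diagnostic example; not code from the original post or from Laravel.

/**
 * Split a raw Cookie header into name => [values in header order].
 * Unlike $_COOKIE, every occurrence of a repeated name is kept.
 */
function parseCookieHeader($header)
{
    $cookies = array();
    foreach (explode(';', $header) as $pair) {
        $pair = trim($pair);
        if ($pair === '' || strpos($pair, '=') === false) {
            continue; // skip empty or malformed segments
        }
        list($name, $value) = explode('=', $pair, 2);
        $cookies[trim($name)][] = urldecode(trim($value));
    }
    return $cookies;
}

/**
 * Return only the names sent more than once, mapped to a short
 * SHA-256 prefix of each value (never the value itself).
 */
function findDuplicateCookies($header)
{
    $duplicates = array();
    foreach (parseCookieHeader($header) as $name => $values) {
        if (count($values) > 1) {
            $duplicates[$name] = array_map(function ($v) {
                return substr(hash('sha256', $v), 0, 12);
            }, $values);
        }
    }
    return $duplicates;
}

// Use the live header when present; otherwise a constructed sample
// shaped like the header shown in the question.
$raw = isset($_SERVER['HTTP_COOKIE'])
    ? $_SERVER['HTTP_COOKIE']
    : 'laravel_session=aaaaa; laravel_session=bbbb; theme=dark';

foreach (findDuplicateCookies($raw) as $name => $prints) {
    error_log(sprintf(
        'Duplicate cookie "%s" sent %d times (sha256 prefixes: %s)',
        $name, count($prints), implode(', ', $prints)
    ));
}
```

Correlating these log entries with the "MAC is invalid" failures shows whether the rejected requests are the ones carrying a repeated `laravel_session` name.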