Laravel 5.4 TokenMismatchException (Chrome)

Question

I faced a problem with Laravel 5.4 in POST routes.

When the form submitted, the error TokenMismatchException was shown.

I thought it was about PrefixVariable so I opened this issue on Github. But after testing too much and trying different solutions, I've figured out that the problem wasn't made by Prefix.

Everything in Firefox is OK, the main problem occurs in chrome. The Post routes only work once, after submitting the first form, all the next requests to same URL face TokenMismatchException error.

I've tried followings:

Clearing Chrome cookies and history
Running php artisan cache:clear command
Changing Serve port
Prevent caching in PHP with headers
Prevent caching in HTML with Meta Tags

But the problem still exists.

What's wrong exactly?! It would be appreciated if you help me.

Login Form:

<form method="post" action="{{route('login')}}">
    {!! csrf_field() !!}
    <div class="row">
        <div class="col-xs-12">
            <div class="form-group no-margin">
                <div class="col-xs-6 col-md-10 col-md-offset-1">
                    <input name="username" type="text" class="form-control" placeholder="نام کاربری" value="{{old('username')}}">
                </div>
            </div>
            <div class="form-group no-margin">
                <div class="col-xs-6 col-md-10 col-md-offset-1">
                    <input name="password" type="password" class="form-control" placeholder="کلمه عبور">
                </div>
            </div>
        </div>
        <div class="col-xs-12">

            <div class="form-group no-margin">
                <div class="col-xs-5 col-md-offset-1">
                    <input name="captcha" type="text" class="form-control" placeholder="کپچا">
                </div>
                <div class="col-xs-5 no-pad-right">
                    <img src="{{captcha_src('flat')}}" class="img-responsive">
                </div>
            </div>
        </div>
        <div class="col-xs-12 text-center">
            <div class="form-group">
                <button type="submit" class="btn btn-success btn-raised">ورود<div class="ripple-container"></div></button>
                <button type="reset" class="btn btn-danger btn-raised">انصراف<div class="ripple-container"></div></button>
            </div>
        </div>
    </div>
</form>

web.php

Route::group(['prefix' => config('system.ADMIN_PATH'), 'namespace' => 'Panel'], function(){
    Route::get('/', function(){return redirect()->route('login');});
    Route::get('/auth', 'AuthController@Login')->name('login');
    Route::post('/auth', 'AuthController@Auth')->name('check');
});

AuthController.php:

namespace App\Http\Controllers\Panel;

use Illuminate\Http\Request;
use Illuminate\Routing\Controller;

class AuthController extends Controller
{
    public function Login(Request $request)
    {
        header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
        header("Cache-Control: post-check=0, pre-check=0", false);
        header("Pragma: no-cache");

        return view('admin.login');
    }

    public function Auth(Request $request)
    {
        header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
        header("Cache-Control: post-check=0, pre-check=0", false);
        header("Pragma: no-cache");
        dump($request->all());
        echo "Received";
    }
}

@TobyMellor Just prevent caching. There is no difference in output without headers. — Erfun, Apr 25 '17 at 10:32

اسماعیل زارع · Answer 1 · 2017-09-02T08:03:19.123

This is not a problem with laravel, it's with chrome.

because chrome don't save cookie (reference) for localhost so laravel cant save session id, That's why can't load created session. so it is regenerating.

for test this matter you can remove all storaged session 's and reload your page. if in session storage folder two session file created then this is solution for you.

soloution:

use 127.0.0.1 ip instead of localhost.

that's worked for me. test it.!

score 0 · Answer 2 · answered Apr 25 '17 at 12:20

0

Please reffer this link.May be it will help you.

https://github.com/laravel/framework/issues/15040

answered Apr 25 '17 at 12:20

Nirav Panchal

11
2

score 0 · Answer 3 · answered Apr 25 '17 at 12:32

0

Tell me one thing have you checked layout file with below code as default laravel app.blade.php has provided at the time of installation.

<!-- CSRF Token -->
<meta name="csrf-token" content="{{ csrf_token() }}">


<script>
    window.Laravel = {!! json_encode([
        'csrfToken' => csrf_token(),
    ]) !!};
</script>

answered Apr 25 '17 at 12:32

Baldev Parmar

1
1

1

I'm not working with Ajax. It's just a simple form submission. I think the problem is related to the Chrome settings because the codes are working well in Firefox. – Erfun Apr 25 '17 at 12:36
1

yeah me too. its workwell with firefox, not with chrome @Erfun – Jetwiz Oct 13 '20 at 10:12
@GetWiz Try to clear your chrome caches from Application Tab. – Erfun Oct 13 '20 at 10:25

score 0 · Accepted Answer · answered May 04 '17 at 22:06

I figured out what is the solution!

I was trying to clear the cookies from History in Settings before. I erased XSRF-TOKEN cookie from Inspect Element > Application Tab > Storage (Left side) > Cookies > localhost:portand after doing that, everything was fine.

score 0 · Answer 5 · edited Jun 30 '22 at 19:44

In my case, I have this problem in my online host, not localhost, using laravel 8. So your solution did not work for me

I found that google chrome (only G chrome) treats http://web.com and https://web.com differently. It generates two different sessions for HTTP and HTTPS.

In my site, I logged in with HTTPS and all links with HTTPS had session correctly! But when using HTTP you have different session and can't login.

I changed all links in my site and in default of Laravel to HTTPS and it solved the issue.

Laravel 5.4 TokenMismatchException (Chrome)

5 Answers5