6

In a local server the following laravel project working fine, But When the project upload on online server it's showing the problem.

When trying to login then its show:

419 | page expired.

I have cleared route, view, cache, and config when I uploaded it on online serve.

miken32
  • 42,008
  • 16
  • 111
  • 154
Belal Khan
  • 148
  • 1
  • 1
  • 8
  • Does this answer your question? [Post request in Laravel - Error - 419 Sorry, your session/ 419 your page has expired](https://stackoverflow.com/questions/52583886/post-request-in-laravel-error-419-sorry-your-session-419-your-page-has-exp) – miken32 Aug 12 '23 at 15:36

6 Answers6

7

This error occurs due to CSRF token verification failure, misconfigured cache, permissions, improper session settings. This error shows up when a user submits a post request. You can fix it by doing belows:

  1. CSRF token verification failure The most common reason for the 419 error is CSRF token failure. Cross-site request forgery is a unique, encrypted value generated by the server. This is included in the HTTP request of the client. Later the server verifies it. If this fails, it leads to session expired error. So, you check the CSRF setting in the Laravel config.

  2. Session expired error due to cache Sometimes, the cache can also lead to session expired error in front-end. This can be both the server cache and browser cache. So, clear the server cache using php artisan cache:clear.

  3. Laravel file and folder permissions Similarly, improper file or folder permission can also lead to errors. Usually, web servers need write-permissions on the Laravel folders storage and vendor. Also, session storage needs write-permission. So, give permissions as,

chmod -R 755 storage

chmod -R 755 vendor

chmod -R 644 bootstrap/caches
  1. Laravel session setting Last but not least, session settings can also cause a 419 error. The app/config/session.php is the session config file. Check for a few important parameters – domain and secure.
'domain' => env('SESSION_DOMAIN', null),
'secure' => env('SESSION_SECURE_COOKIE', false), // in case of cookie

These step by step approach fixes the error and make Laravel working again.

Farhod Nematov
  • 470
  • 2
  • 8
2

Just put {{ csrf_field() }} like others have said above, below login form, Laravel does not allow request forgery attacks.

Udhav Sarvaiya
  • 9,380
  • 13
  • 53
  • 64
konz laugoko
  • 79
  • 1
  • 9
1

We get this error page when CSRF token get expired. This issue generally happens when you load a page with form(eg. login page, registration page) then after a long time you submit the form. We get this because, the CSRF is expired by the time.

To solve this:

You can increase the lifetime in the config/session.php file.

Imran
  • 4,582
  • 2
  • 18
  • 37
1

Your error seems to be related to 'csrf_token'. Either it is missing the csrf token or your route needs to be put in the exclusion list. See laravel doc for help.

A.G.
  • 194
  • 2
  • 10
1

There's also the SESSION_LIFETIME key in your .env file.

It refers to the number of minutes to hold the session active, in minutes.

I had issues with mine set to 1 minute for testing, and then I forgot about it, so my CSRF would expire quickly while filling out forms.

I set it to 60 minutes to fix:

SESSION_DRIVER=file
SESSION_LIFETIME=60
agm1984
  • 15,500
  • 6
  • 89
  • 113
0

In case you're using the database driver for your sessions and either UUIDs or ULIDs for your user IDs, make sure the user_id field in the sessions table reflects the correct format. If it's a bigint unsigned field, it'll cause 419 errors if you're using ULIDs or UUIDs.

Justin Russell
  • 1,009
  • 1
  • 9
  • 15