3

I've been having an issue with Laravel sessions while logging in.

1.Yes, I do have a CSRF token included in my form.

2.Yes, the token has not expired.

3.Yes, the SESSION_SECURE_COOKIE is set to false.

I'm using redis as my SESSION_DRIVER and the expiration time is set to 120 minutes.

The thing that bothers me the most is that 'sometimes it works, and sometimes it does not'.

If I were to open an incognito tab and try to login, 10/20 times it would work without any problems whatsoever, yet the other 10 would result in a

[419 | Session Expired] error

.

My environment is CentOS, Nginx.

There aren't any proxies, and I'm not using Cloudflare either.

I'm really flabbergasted because the behavior is not consistent, it's literally random behavior which results in a successful or an unsuccessful login.

Does anyone have any ideas what might be the case?

John Lobo
  • 14,355
  • 2
  • 10
  • 20
TheDBeetle
  • 81
  • 1
  • 7
  • Cleaning the cache may help: `php artisan optimize:clear` then `php artisan config:clear`. Also, the problem can be an undefined index or variable. Adding `error_reporting(0)` in your middleware before the Auth::check() can help you, if there is any errors/notice/warning that are not being catched by Laravel – GusMilc Jun 23 '21 at 17:02
  • 1
    Tried with clearing the cache, also there are no errors in php, nginx nor laravel's logs folders. – TheDBeetle Jun 23 '21 at 17:05
  • 1
    Check if [this](https://stackoverflow.com/questions/28561509/laravel-5-error-reporting-suppression) help you to find the error first. Also, is the behavior happening only in one page? if you refresh the page it still returns 419? – GusMilc Jun 23 '21 at 17:14
  • 1
    It actually happens on both `/login` and `/register` routes, when I do a refresh and try to submit the form again, it's still a 50/50 chance of a 419 showing up. As I've mentioned before it might even be 10 fails in a row before one goes in. I'll give `error_reporting()` a shot. – TheDBeetle Jun 23 '21 at 17:17

1 Answers1

-2

To solve this error you first need to insert one of the following commands into the form tag.

@csrf OR {{ csrf_field }}

If your problem is not resolved, do the following: (Note that one of the above commands must be in the form tag)

1.Insert one of the following commands into the form tag @csrf OR {{ csrf_field }}

2.Open the .env file and change the values ​​to the "file" in the SESSION_DRIVER section.

3.Then you should reset laravel cache. type below commands in the terminal

php artisan view:clear php artisan route:clear php artisan cache:clear

php artisan config:cache OR php artisan optimize

4.In the final step, unplug the project from the serve and click again on php artisan serve

I hope your problem is resolved

Rakesh kumar Oad
  • 1,332
  • 1
  • 15
  • 24
  • 1. The form would never be submitted if I was lacking a `@csrf` token 2. This definitely has nothing to do with the `SESSION_DRIVER` 3. I already mentioned that I did a full reset of `view/route/cache/config` 4. I'm on `Nginx` as mentioned before, on a live server, there's no need to use `php artisan serve`. – TheDBeetle Jun 23 '21 at 17:26