Level 75
What do you have in config/session.php under key same_site?
Set it to the lax
'same_site' => 'lax'
Jun 22, 2020
18
Level 6
419 Page Expired
Hi I am facing a 419 Page Expired problem. I've tried many solutions out there without any luck. I cleared all cache items, I've changed the session_driver and still the same problem.
Any idea where I should be looking?
The problem happens when submitting the login form. The @csrf exists. The Login page hosts a LoginView written in Vue.js and passes as a slot the @csrf token. The token is correctly generated and I can see it inside DevTools.
I am using Laravel 6.
Thank you Bilal
Level 6
Hey, I don't even see this key there! Shall I add it with a value of 'lax'?
Level 75
Yes add it. Then clear cache for config.
Level 6
That didn't help much. I am still getting the same issue.
Level 80
@bilalhaidar It has nothing to do with the same_site config setting.
419 is a HTTP error when the CSRF token is not present in the request, or has a stale value. If you’re using Vue, Laravel should automatically include the CSRF token by parsing it from your HTML page’s meta tag. So check that the page that has the JavaScript, also has the following meta tag:
<meta name="csrf-token" value="{{ csrf_token() }}" />
Level 6
Hi @martinbean Indeed I have the meta tag. I was also using the @csrf inside the Login as follows:
<LoginView ...>
{{ csrf_field() }}
</LoginView>
For some reason, I am still facing the same issue.
Level 18
What is the value of SESSION_SECURE_COOKIE in your .env file? It can also be set in config/session.php. If this is set to true, then you must login via a HTTPS url. Otherwise you get a 419 as well.
Level 6
Hi @sidneygijzen Still the same issue. Everything was working a few days ago and I haven't touched the code since then!
Level 75
@bilalhaidar Which browser do you use?
@martinbean I posted it because chrome change cookies default to SameSite = Lax and I had same problem.
Level 6
Thanks @michaloravec
I am using Chrome. I also tried on Safari same issue.
This is happening with my current setup using Docker. I am not sure if there should be any special handling for laravel hosted on Docker. Although it was working fine on Friday. Suddenly, it stopped working!
Level 75
@bilalhaidar Try it also on Firefox. And try it to set it also as
'same_site' => 'none'
Level 122
using apache?
If so, check that your browser is receiving session cookie.
you can see these in your browser dev tools. Clear the cookies that are there then refresh the page
If you dont see any cookie being sent then you need to check all files that you have edited since it last worked. Somewhere you will have a php file where <?php are not exactly the first characters
Level 6
Thanks @snapey I will check that.
Level 6
Hi @snapey I see cookies related to _gid, _ga, etc. I don't see a cookie set for the authentication.
BTW the AuthenticationSession middleware is commented out for some reason. Is that ok?
Level 75
That middleware is used for Invalidating Sessions On Other Devices
Documentation: https://laravel.com/docs/7.x/authentication#invalidating-sessions-on-other-devices
1 like
Level 122
Are you on apache?
If you dont see any cookie being sent then you need to check all files that you have edited since it last worked. Somewhere you will have a php file where <?php are not exactly the first characters
Level 6
I am running nginx, php, etc on docker using a MacBook pro as a host
Level 122
afaik nginx does not have the same issue
Please or to participate in this conversation.