Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

tomasosho's avatar

i've been getting 419 Page Expired on hosting to shared hosting

My login and registration pages have the same issue, and yes i have @csrf and

    <meta name="csrf-token" content="{{ csrf_token() }}" />
</head>````
0 likes
9 replies
Snapey's avatar

that very short question does not confirm you send csrf with your requests

only that laravel is including the tag in your head section - which it does by default

1 like
tomasosho's avatar

My login form

<form class="lcontact-form" method="POST" action="{{ route('login') }}">
                @csrf
                <label for="username" style="color: #026bb3;">username or email</label>
                @error('username')
                    <span class="invalid-feedback" role="alert">
                        <i style="color:red;">{{ $message }}</i>
                    </span>
                @enderror
                <input type="text" name="username" class="form-control @error('username') is-invalid @enderror"  
                value="{{ old('username') }}" required autocomplete="username" autofocus>
                
                <label for="password" style="color: #026bb3;">password</label>
                @error('password')
                    <span class="invalid-feedback" role="alert">
                        <i style="color:red;">{{ $message }}</i>
                    </span>
                @enderror
                <input type="password" name="password" id="myInput" placeholder="Password" 
                class="form-control @error('password') is-invalid @enderror" required autocomplete="current-password">
                
                <div style="display: inline-block; margin-top: 10px; display: inline-block; margin-bottom: 10px; font-size: small; color: #026bb3; font-style: italic;">
                    <input type="checkbox" class="form-control" onclick="myFunction()"> Show Password
                </div>
                <script>
                    function myFunction() {
                        var x = document.getElementById("myInput");
                        if (x.type === "password") {
                            x.type = "text";
                        } else {
                            x.type = "password";
                        }
                    }
                </script>
                @error('password')
                    <span class="invalid-feedback" role="alert">
                        <strong>{{ $message }}</strong>
                    </span>
                @enderror
                @if (Route::has('password.request'))
                    <a href="{{ route('password.request') }}" class="forget-pwd">Forgot Password</a>
                @endif
                <button class="login-btn">Log in</button>
            </form>

It works in my local host

Snapey's avatar

you need to check if laravel is able to send cookies to your client

check in the dev tools in your browser and see what cookies are being set

1 like
tomasosho's avatar

This was what i got(Tabulated though)

_gid	Medium	
_ga Medium	
_gat	Medium	
__cfduid		✓		Lax	Medium
Snapey's avatar

so no Laravel cookies then

This means no session and therefore a different csrf token on every request

You need to find out why sessions are not working - it's not a csrf issue

tomasosho's avatar

i'm guessing it should be from the server, yes? because its getting csrf token and session on my local host

savala123's avatar

Go to app\Http\Middleware\TrustProxies.php

update protected $proxies; --> protected $proxies = '*';

waadm97's avatar

just add in top public/index.php

ob_start(); it's work with shared host

if not work try change this code in app/Http/Middleware/TrustProxies.php

protected $proxies; to

protected $proxies = '*';

5 likes

Please or to participate in this conversation.