Hi all,
I've been working on an application for 4 days now, but since today I'm totally stuck!
Whatever I do I keep getting: TokenMismatchException in VerifyCsrfToken.php line 46:
This is my login form:
<form id="form-login" class="p-t-15" role="form" method="POST" action="/auth/login">
<input name="_token" hidden value="{!! csrf_token() !!}" />
When I check the source I see
<input name="_token" hidden value="7WenswFlpBFrtqW2yzzgBYxfBd2NTSa9VDnDkyLr" />
Also checked my session path and the sessions get written with the tokens in it. I'm totally stuck :(
Try :
<input name="_token" type="hidden" value="{!! csrf_token() !!}" />
Thanks Bestmomo, but tried them all ;-) and just did again, no change.
Is any AJAX involved on your site? For example, I once did (and am still doing) a jQuery Mobile project, and this was a frequent problem for me until I set the 'data-ajax' attribute to off on form submission.
Is it L5 ?
@polarcubs no, no AJAX this time ;-) I do have AJAX posts, but yesterday they did work. I need to add a user with tinker and try again..
Vipin93: I then get this echoed: name="_token" type="hidden" value="TnlNlGDWNwT4fzNjDW7YRP6YF6GcYf7Lf1jdvzdt"> the same token in the normal input field.
Bestmomo: Yes it's L5.
The method where token is checked is (in Illuminate\Foundation\Http\Middleware\VerifyCsrfToken) :
    /**
     * Determine if the session and input CSRF tokens match.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return bool
     */
    protected function tokensMatch($request)
    {
        $token = $request->session()->token();
        $header = $request->header('X-XSRF-TOKEN');
        return StringUtils::equals($token, $request->input('_token')) ||
            ($header && StringUtils::equals($token, $this->encrypter->decrypt($header)));
    }
So debug there to know what happens.
When I echo $token, $header and $request->input('_token'):
Token: 3EbMponydiVQarG0E1C6LOpGLQK6Tq5tC7MvCLnn
Header: Empty!
Request input: Hf1SxesWw7aENCmljZrh5ziLUz5voT9ur6QzR6il
So you don't have the same token in session and in your form... strange...
Yup, indeed strange. So I have absolutely no clue where to start debugging next. The strange thing is for 3 days in a row no issues, and all of a sudden this issue.
Try cleaning the views cache (storage/framework/views): delete all files but keep .gitignore. I've had many issues with this cache.
No change :(
When I get something like this I just create a fresh installation, copy all my custom files in it, and it goes...
Sure, that can be done, but don't you think it's kind of strange? What if my application is live and all of a sudden it breaks like this?
You are in the development phase, so you change many things and sometimes you forget some code somewhere. Not so on a live application.
Indeed, after a reinstall it all works again, but still strange if you ask me ;-)
There are so many strange things with coding :-)
Bestmomo, just a quick reply again. The issues seem to maybe be connected? I did the clean install and at first glance it looks OK.
But now it just won't create the session for me or something, because when I log in it gets redirected to /home and then right back to auth/login.
I tried DD(Auth::user()); on /home but it gives null,
but when I try Auth::loginUsingId(1); dd(Auth::user());
it works perfectly.
Really no clue what's going on here..
EDIT: Just a fun thing to notice: instead of using MAMP Pro, I just ran the standard php -S localhost:8888 -r public. When I then log in I get a tokenmismatch again.
Sometimes it's a good idea to clear all cookies in the browser.
Tried cookies, did not work.
The last hope was installing Homestead, and that worked right away! No problems, redirecting issues solved, and even the token issue without the clean install worked :|
So installing Homestead fixed it!
Edit: sorry for choosing my own answer as the best one. Thank you very much, you really helped walk me through this.
I am solving this issue by commenting out the Csrf middleware in app/Http/Kernel.php
I've been getting this issue as well, and only in Laravel 5.
Development goes smoothly and everything plays nice there (homestead environment), but when I deploy to my production environment (Debian, nginx) I run into the issues - sporadically.
It seems that Laravel can't set the cookie for whatever reason. It has permission to create the session files and does so with the correct permissions on the created files (in storage/framework/sessions), but because it's not generating the cookie, it's creating a new session every time. This means that the CSRF token changes on each page refresh, and I suspect this is the reason I'm hitting the CSRF token mismatch exception.
If I manually create a cookie in a route closure, it doesn't seem to persist either:
    Route::get('testing', function ()
    {
        Cookie::forever('testing', 'first test');
        Cookie::make('testing2', 'second test', 5);
    });
    Route::get('testing2', function ()
    {
        dd(Cookie::get('testing'), Cookie::get('testing2'));
    });
Both return null.
It seems, however, after attempting to create these two cookies that Laravel is then able to create the regular cookies in the browser.
I've tried the latest Safari, Firefox, and Chrome on OS X (Yosemite) with no change in outcome. I've tried deleting the session files from the filesystem manually and that didn't help, either.
I wonder if it has something to do with the way that the remember token is handled (i.e. if I log in on my work machine, then try to log in again on my home machine, I get issues) - but I'm not convinced this issue is consistent. When I was redeveloping my site in homestead on the weekend it was working fine, but I was unable to log in immediately after making my first push to production.
Unfortunately, I haven't had a chance to look into it in any great detail just yet. Hopefully I'll get some time this weekend to do so. I'm not convinced it's a global issue with Laravel 5, though, as it only seems to present in some instances and it may well have something to do with the environment - whether that's got to do with the operating system, or the nginx configuration, I'll need to look further into.
As I stated at the top of my post, this appears to be Laravel 5 only - I have a Laravel 4.2 app that I have no issues logging into - either from development to production environment on a single machine (same homestead and Debian local and development environments as the other) - or logging in on my work AND home machines.
It also doesn't seem to matter what storage engine I use for the sessions - database, cookie, and file all behaved in the same way in Laravel 5. I hope to be able to find the cause, though. From some general googling, I'm not the only one to have run into the issue, but the resolutions I've come across thus far either don't work, or don't work consistently, and it's put a few hours' worth of frustration into me so far.
Fingers crossed I or somebody else comes across the root cause soon, it's the only real gripe (aside from Elixir issues - but those are more related to gulp anyway) that I have with my Laravel 5 sites, and one I would love nothing more than to get to the bottom of!
@polarcubs So you don't have the same token in session and in your form... strange...
The token isn't getting set in the browser and thus the form at all, hence it keeps changing. That's the problem I've been encountering. It resolves itself eventually, but I'd like to find the cause.
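A diagnostic for the symptom described above (a new session, and so a new CSRF token, on every request), as an added example that is not part of the original thread or of Laravel itself. It assumes a Laravel 5 app with the default global session middleware; the `csrf-debug` route name and the `csrf_debug_hits` session key are hypothetical.

```php
<?php
// Added diagnostic, not from the thread. Assumes Laravel 5; place in
// app/Http/routes.php and remove it once the cause is found.
// 'csrf-debug' and 'csrf_debug_hits' are hypothetical names.

use Illuminate\Http\Request;

Route::get('csrf-debug', function (Request $request) {
    $cookieName = config('session.cookie');   // name of the session cookie
    $session    = $request->session();

    // Per-session request counter: it stays at 1 when every request
    // starts a brand-new session instead of resuming the previous one.
    $hits = $session->get('csrf_debug_hits', 0) + 1;
    $session->put('csrf_debug_hits', $hits);

    return response()->json([
        'session_id'         => $session->getId(),
        'hits_in_session'    => $hits,
        // Did the browser send the session cookie back on this request?
        'cookie_received'    => $request->cookies->has($cookieName),
        // Only a prefix, so the full token is never exposed by this route.
        'token_prefix'       => substr($session->token(), 0, 8),
        'driver'             => config('session.driver'),
        // A cookie scoped to another domain, or marked secure-only on a
        // plain HTTP site, is not returned by the browser.
        'cookie_domain'      => config('session.domain'),
        'cookie_secure_only' => config('session.secure'),
        'request_is_https'   => $request->secure(),
        'request_host'       => $request->getHost(),
    ]);
});
```

Load the route twice in the same browser: if `session_id` changes, `hits_in_session` stays at 1 and `cookie_received` is false, the browser is not returning the session cookie, and the remaining fields show whether the cookie's domain or secure-only setting conflicts with how the site is being requested.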
I know this has been marked as answered but I as well am having the same problem. I am using Windows with WAMP. I cleared my sessions, views (cache was empty) in the storage folder. Still the same issue. I have seen some people recommend disabling the CSRF middleware but I would really like to keep it for security. What is causing this?
I think I have this figured out. It appears to be related to using the same key in both your local/dev environment and production one.
I'm not sure how you'd get collisions, though, given that the sessions should be independent of environment, but I was doing some local development earlier. Everything was working fine in dev, pushed the code live and hit the TokenMismatchException as soon as I tried to login.
I had a poke around my .env file and sure enough, the keys were the same between my two environments. I changed the key in my prod environment and the TokenMismatchException went away straight away.
This is the only thing I've been able to do to make the issue go away and it sort of makes sense. The other thing I was doing was setting up a get route (in my prod environment) that did a Cookie::make. I hit the route, then I was able to log in OK.
I've been having this issue lately and I recently tried resetting the App Key. As of now this has helped! Thanks @deringer! I'll keep this thread updated to see if it has solved my problem long-term. Here is the artisan command for generating a new app key.
php artisan key:generate
This will not help many people but I was getting this message because my disk was full. It couldn't save the updated token on the system but it would return it to the session. I spent forever before realizing my disk was full. df -H pointed this out quickly.
This is shades of CodeIgniter. Having the same issue with Laravel 5 running PHP 5.6.9 giving 'TokenMismatchException VerifyCsrfToken.php on line 46' on every post request. L5 running PHP 5.4 no problem. Anybody know of a fix? I tried every suggestion including a full reinstall but no luck.
I am having the same issue for every post request on the Laravel development server. But running my project from the EasyPhp local server I didn't get any mismatch error. This is the post I encountered while trying to solve the issue: https://github.com/laravel/framework/issues/8172