orphikkkk's avatar

419 Page Expired error on every network request.

My Laravel project was running completely fine and then I had to re setup the project in my laptop so I deleted the project directory and cloned the project in a new directory. After that I get 419 page expired error on every network request. It is showing that error in the network tab when any Livewire network request is triggered and also on any form submission eg. login form.

The project is running completely fine on other devices as I have asked my colleague to test it on their devices but only showing error on my device. I have resetup the project in completely new directory as well.

I have a Mac Book, with Laravel Herd recently added. The project is on Laravel 10 and also has Livewire.

I hope this clears my problem, please ask me if you want more details that I have missed out.

1 like
15 replies
VolkanOner's avatar

Check & try these;

  • Try -> Once i got this error. in some forum, somebody said "set SESSION_DOMAIN=example.test in .env". Try this. That was solved my problem.
  • Try -> php artisan optimize:clear & php artisan session:clear
  • Try -> delete app_key in env & php artisan key:generate.
  • Check -> When u copy a project, some configurations may still set for old project folder. Global search for old project or folder name and update if found any match.
  • Try -> If ur using livewire 3, its still beta. Use v2 until stable version.
  • Try -> If ur using turbolinks for livewire, remove turbolinks. Turbolinks can do this.
  • Check -> If there is a wire:poll on any shared page, try to remove it. Sometimes its not working properly.
  • Check -> Herd is new tech too. Maybe there is a bug. Check for updates.
  • Check -> Look at the Herd docs. Any missing congif or info can be on there.

I hope it helps.

1 like
VolkanOner's avatar

Also "Lary" (AI) says;

The 419 page expired error typically occurs when the CSRF token validation fails. Here are a few steps you can take to troubleshoot and resolve the issue:

Clear Cache: Run the following commands in your project directory to clear the cache:

php artisan cache:clear php artisan config:clear php artisan route:clear Generate New CSRF Token: Run the following command to generate a new CSRF token:

php artisan session:clear Verify CSRF Middleware: Ensure that the VerifyCsrfToken middleware is included in the web middleware group in your app/Http/Kernel.php file:

protected $middlewareGroups = [ 'web' => [ // ... \App\Http\Middleware\VerifyCsrfToken::class, ], ];

Check Session Configuration: Verify that your session configuration in config/session.php is correctly set. Ensure that the domain and secure options are configured appropriately for your environment.

Check Cookie Configuration: Verify that your cookie configuration in config/session.php is correctly set. Ensure that the path and domain options are configured appropriately for your environment.

Check .env File: Ensure that your .env file is correctly configured, especially the APP_URL and SESSION_DOMAIN variables.

Check Server Time: Make sure that the time on your laptop is correctly set. A mismatch in server time and client time can cause issues with CSRF token validation.

Disable CSRF Protection (Temporary): As a temporary solution for testing purposes, you can disable CSRF protection by commenting out the VerifyCsrfToken middleware in the web middleware group. However, this is not recommended for production environments.

If none of the above steps resolve the issue, please provide more details about your setup, including the specific error message and any relevant code snippets, so that I can assist you further.

orphikkkk's avatar

@volkanoner None of the solutions and checks you mentioned works in my case. It seems there is a new file generated in storage/framework/sessions each time the page refreshes or a network request is sent. This happens on any request may that be Livewire (which is Livewire V2) or any Form POST request, there is a new session file generated I believe this might be causing the issue. But I have no idea how this is happening and how to solve this.

bastihilger's avatar

I have a similar problem that only occurs when using Herd. And only in one of my many Laravel projects. It seems the session is not persisting at all, but as I said only in this one project, and it works fine when using Valet. It is on the newest Laravel version, but also a very old project, so chances are I messed something up on one of the many updates I made over the years.

No matter whan session driver I use - the session always "new" on the next refresh. I tested this among other things by comparing the received csrf token and the session token right here in Illuminate\Foundation\Http\Middleware\VerifyCsrfToken:139:

    protected function tokensMatch($request)
    {
        $token = $this->getTokenFromRequest($request);

        ray($token); // this is always different from...
        ray($request->session()->token()); //...this one. strange.

        return is_string($request->session()->token()) &&
               is_string($token) &&
               hash_equals($request->session()->token(), $token);
    }

This is a real head scratcher for me. Especially (I know I mentioned this before) as this ONLY happens in Herd!

nisarkhalid's avatar

@bastihilger I spent almost a week and tried all possible ways - but nothing was working you saved me today - it was the last warning from the client to run it or close the project and you saved me thanks

vrerabek's avatar

@bastihilger Just replying so more people can find this post in the future. This solution worked for me also. THANK YOU!

1 like
vladkhytrov's avatar

I solved the issue by adding:

window.axios.defaults.withCredentials = true;
window.axios.defaults.withXSRFToken = true;

to the bootstrap.js file. See: laravel . com/docs/11.x/sanctum#cors-and-cookies

I was getting 419 on Inertia requests only.

Please or to participate in this conversation.