[5.3] TokenMismatchException in Laravel's auth form

If you are using php artisan serv and host at localhost:8000 and switch between more that one project hosted by same domain localhost:8000, you should clear your browser cache and history every time you switch project or you can set different *.dev domain for each project

Study some intro videos, you have missed something.

@mahmoud_eid - I'm using Homestead.

@jlrdw - Nope. Step by step what I do:

1. laravel new blog / composer create-project --prefer-dist laravel/laravel blog (I've tried serverl times)
2. php artisan make:auth
3. setting up .env with proper data
4. php artisan migrate

The login/register page is fine. The only problem is this CsrfToken exception.

I think I figured that out. But the solution is quite odd and it is not related to the Csrf module. With many debugs and testing I found out that the key reason of this bug is another exception

file_put_contents(): Exclusive locks are not supported for this stream

So, I changed in laravel/framework/src/Illuminate/Filesystem/Filesystem.php line ~111 method put:

return file_put_contents($path, $contents, $lock ? LOCK_EX : 0);

to:

return file_put_contents($path, $contents, $lock ? LOCK_SH : 0);

(changed LOCK_EX to LOCK_SH)

And it works. I think my Vagrant machine has some bad configuration (I had problems with installation on my AMD computer) and that is the main factor of this whole issue. Shouldn't it be reported to Laravel's GitHub?

@MountainDev I just did the change and it works! but I'm not working with Vagrant, I'm just using php artisan serve on my dev computer.

Can someone help in forking the repo or pushing the change to the Laravel Staff? https://github.com/laravel/framework/issues/15040

the issue is real. I just installed a fresh 5.3 and make:auth the same problem with me. its clearly a Framework issue that is needed to be address ASAP.

To bad,

I have a brand new pull and this did not solve my issue. Still getting the TokenMismatch error. Eventhough i have it as a meta parameter. Sessions are working.

Did you guys check the APP_URL parameter? Did it match your url you work on? That solved my problem.

i was facing the same issue with my application running on laravel 5.3. Adding the fix described by @MountainDev solved the problem but i reverted the changes back as the cause of my problem was something else.

When i ran composer update, it complained that php-mbstring module was missing from my php installation because i had updated the php5.6 to php7.0 recently. So i installed the php7.0-mbstring module and the issue was gone.

There was another situation when i faced the same issue. The SESSION_DOMAIN and APP_URL was set to www.domain.com in .env file. But the site was serving traffic from non-www url also. Whenever i visited the site using non-www url i was getting that Token mismatch error. So i modified my server block to redirect the traffic from non-www url (domail.com) to www url (www.domail.com).

Comment the \App\Http\Middleware\VerifyCsrfToken::class line from App\Http\Kernel.php. It will disable the csrfToken check in the session.

It worked for me.

Check your storage folder permission . This helps me:

chmod -R 777 storage

777 is a bad idea, but you get the point :)

Above solution by @vannyvann works for me. Before, I developed using built in PHP server. This Csrf token error happened when I started using Linux XAMPP's virtual host instead of built in PHP server. Doing above works for me, thanks @vannyvann