Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

RobbeCl's avatar

CSRF problem: TokenMismatchException in VerifyCsrfToken.php (line 68)

Hi guys,

I am searching for about 10 hours and can't find a solution to this problem... I deployed my local laravel project to my server and everything works until I want to login / register, then I always get this error. Something I noticed is that when I look at my local project (where the error does not occur) with Google developer tools i go to the Application > storage > cookies section there are 2 tokens set: XSRF-TOKEN & laravel_session. But this is not the case on my server.

I already read about everything there is on this problem on the internet, I changed my storage permissions to 777, I checked all my settings, ...

Thanks for the help in advance guys!

0 likes
4 replies
adamprickett's avatar

Check your settings in config/session.php and make sure they match your current environment:

/*
    |--------------------------------------------------------------------------
    | Session Cookie Path
    |--------------------------------------------------------------------------
    |
    | The session cookie path determines the path for which the cookie will
    | be regarded as available. Typically, this will be the root path of
    | your application but you are free to change this when necessary.
    |
    */
    'path' => '/',
    /*
    |--------------------------------------------------------------------------
    | Session Cookie Domain
    |--------------------------------------------------------------------------
    |
    | Here you may change the domain of the cookie used to identify a session
    | in your application. This will determine which domains the cookie is
    | available to in your application. A sensible default has been set.
    |
    */
    'domain' => env('SESSION_DOMAIN', null),
    /*
    |--------------------------------------------------------------------------
    | HTTPS Only Cookies
    |--------------------------------------------------------------------------
    |
    | By setting this option to true, session cookies will only be sent back
    | to the server if the browser has a HTTPS connection. This will keep
    | the cookie from being sent to you if it can not be done securely.
    |
    */
    'secure' => env('SESSION_SECURE_COOKIE', false),
RobbeCl's avatar

If my domainname was for example: example.com.

Would i have to fill in this: Path => "/" Domain => "example.com"

?

Thank for the reply!!

kognitif's avatar

did you cleaned up your cache ? try

php artisan clear
php artisan cache:config
composer dump-autoload

and no you dont have to change the path. change the application url in .env file.

RobbeCl's avatar

Thanks for your reply, still no good luck :/

Has it something to do with the fact that there aren't any cookies set? Because on my other laravel application (which i managed to set on my server without any problems) the cookies are set

Please or to participate in this conversation.