
annecastrillon's avatar

CSRF Token keeps changing in session using Memcached

So our app constantly gives a TokenMismatchError, and we were able to narrow it down to the session storage. For some reason the CSRF token in the session changes when a request is made, whether it be a normal HTTP request or an AJAX request.

We are currently using Memcached as the session driver, and I was reading through some of the threads here which narrowed down the problem to changing the session driver to use cookies.

While that would probably work, is there a way to get the Memcached driver to work properly? We really want to use Memcached as the session driver, so would like to avoid changing it to something else.

0 likes
6 replies
hayden09's avatar

I have this same problem. Did anyone ever solve this?

Snapey's avatar

You are using memcached as the session store. You still require cookies to indicate which session belongs to the user. Being unable to maintain csrf token is often a sign that the server cannot send cookies to the client.

You should check this by looking in your browser tools to see if the laravel cookies are present.

edit: sorry, my comment should be aimed at @hayden09 who should really post their own question, not reopen a 2-year-old thread.

hayden09's avatar

Hi Snapey,

I appreciate the reply. I replied here because this is my issue and I figured it would be better to continue on a thread that clearly didn't get answered yet.

The issue I have is that cache control max age seems to be 0, so the CSRF token always changes on any page interaction (clicking on a new page, searching, etc).

I was able to "fix" the problem by changing the session store method to native from memcached. But in turn it quickly runs out of memory after a little while and causes the site to essentially crash.

The other weird part of it is that memcached is working on several other sites on the same webserver using csrf tokens, and these websites are all coming from the same code base.

Snapey's avatar

> The issue I have is that cache control max age seems to be 0, so the CSRF token always changes on any page interaction (clicking on a new page, searching, etc).

not relevant

hayden09's avatar

Okay, thank you for making me aware of that.

Is there any reason why two sites on the same webserver both using the same sessions php and memcached would have one working with csrf and the other not?

They are identical sites, just with different views.

I have admittedly inherited this system to maintain and don't fully understand how one could work and not the other. Where are the laravel cookies set up inside the site?

Snapey's avatar

Please see my previous reply and check if you are receiving cookies from this site.
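The cookie check suggested in the replies above, as an added example that is not part of the original thread: it takes the `Set-Cookie` headers copied from the browser tools and lists reasons a browser would not store or return the session cookie, in which case every request starts a new session with a new CSRF token regardless of the Memcached store. It assumes Laravel's default cookie name `laravel_session`; the hostnames and header values are constructed.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

SESSION_COOKIE = "laravel_session"  # assumption: Laravel's default session cookie name


def cookie_problems(request_url, set_cookie_headers, name=SESSION_COOKIE):
    """Return reasons a browser would drop or withhold the session cookie."""
    url = urlsplit(request_url)
    host = (url.hostname or "").lower()

    # Find the session cookie among the response's Set-Cookie headers.
    morsel = None
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        if name in jar:
            morsel = jar[name]
    if morsel is None:
        return [f"no Set-Cookie header for {name}"]

    problems = []
    # A Secure cookie is never stored or sent back on a plain-HTTP site.
    if morsel["secure"] and url.scheme != "https":
        problems.append("Secure cookie set over plain HTTP")
    # A Domain attribute must equal the host or be a parent domain of it.
    domain = morsel["domain"].lstrip(".").lower()
    if domain and host != domain and not host.endswith("." + domain):
        problems.append(f"Domain={domain} does not match host {host}")
    # Browsers reject SameSite=None unless the cookie is also Secure.
    if morsel["samesite"].lower() == "none" and not morsel["secure"]:
        problems.append("SameSite=None without Secure")
    return problems


if __name__ == "__main__":
    # Constructed sample: two sites sharing one code base and session config.
    shared = ["XSRF-TOKEN=tok1; Path=/",
              "laravel_session=abc123; Domain=shop-a.example.test; Path=/; HttpOnly"]
    for site in ("https://shop-a.example.test/", "https://shop-b.example.test/"):
        print(site, cookie_problems(site, shared) or "session cookie accepted")
```

An empty result means the cookie attributes are acceptable for that URL, so the next thing to compare is whether the `laravel_session` value the browser sends matches the one it last received.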
