keving's avatar

CSRF Token Mismatch on same Session ID? (5.2)

I have many problems with the CSRF token. Often they do not match. I don't know where the problem is. I created a simple logging part in the VerifyCsrfToken part.

[2016-01-26 17:25:35] local.INFO: Request session - Session ID: 422b4e864d2d1e31c7d228be603607ab77fdc4a5  
[2016-01-26 17:25:35] local.INFO: App Session     - Session ID: 422b4e864d2d1e31c7d228be603607ab77fdc4a5  
[2016-01-26 17:25:35] local.INFO: Form Token  : HODgsXpeOhfFzDSv5O7husOs9Uf5rWwuEamHHZYv  
[2016-01-26 17:25:35] local.INFO: Stored Token: HODgsXpeOhfFzDSv5O7husOs9Uf5rWwuEamHHZYv 

A new request some seconds later:

[2016-01-26 17:26:47] local.INFO: Request session - Session ID: 14993efef3db964a5c824936d506db0a3fee9b5f  
[2016-01-26 17:26:47] local.INFO: App Session     - Session ID: 14993efef3db964a5c824936d506db0a3fee9b5f  
[2016-01-26 17:26:47] local.INFO: Form Token  : HODgsXpeOhfFzDSv5O7husOs9Uf5rWwuEamHHZYv  
[2016-01-26 17:26:47] local.INFO: Stored Token: x6PxD1jQmxiJ8B8Xs2aJi16KMeHMsM36Zob1ChI5  

The csrf form part

                        <form action="{{ route('admin_job_create') }}" method="POST" role="form">
                            {!! csrf_field() !!}

I don't know what to do :( Disabling CSRF is only a trick around the problem.

d3xt3r's avatar

Your session ID changed, and hence the token. Any idea why? Deleted cookies?
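
The diagnosis in this reply, as an added example that is not part of the original thread: a Python script that parses the four-line log format from the question and reports whether a rejected form token was the stored token of an earlier session, which points at a lost or replaced session cookie rather than a bad token. The sample log is constructed (shortened IDs and tokens), and the function names and verdict labels are assumptions.

```python
import re

# Constructed sample in the log format shown in the question (values shortened).
SAMPLE_LOG = """\
[2016-01-26 17:25:35] local.INFO: Request session - Session ID: aaaa1111
[2016-01-26 17:25:35] local.INFO: App Session     - Session ID: aaaa1111
[2016-01-26 17:25:35] local.INFO: Form Token  : tokenAAAA
[2016-01-26 17:25:35] local.INFO: Stored Token: tokenAAAA
[2016-01-26 17:26:47] local.INFO: Request session - Session ID: bbbb2222
[2016-01-26 17:26:47] local.INFO: App Session     - Session ID: bbbb2222
[2016-01-26 17:26:47] local.INFO: Form Token  : tokenAAAA
[2016-01-26 17:26:47] local.INFO: Stored Token: tokenBBBB
"""

FIELDS = {"Request session": "req_sid", "App Session": "app_sid",
          "Form Token": "form", "Stored Token": "stored"}
LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] \S+: "
                  r"(?P<name>Request session|App Session|Form Token|Stored Token)\b"
                  r".*?:\s*(?P<val>\S+)\s*$")

def parse_requests(log_text):
    """Group the four logged lines of each request into one dict."""
    requests, cur = [], {}
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        cur["ts"] = m["ts"]
        cur[FIELDS[m["name"]]] = m["val"]
        if len(cur) == 5:          # ts + four fields = one complete request
            requests.append(cur)
            cur = {}
    return requests

def classify(requests):
    """Return (timestamp, verdict) per request, explaining each mismatch."""
    issued = {}                    # stored token -> session ID that held it
    results = []
    for r in requests:
        if r["form"] == r["stored"]:
            verdict = "ok"
        elif r["form"] in issued and issued[r["form"]] != r["app_sid"]:
            verdict = "stale-token-session-changed"
        else:
            verdict = "mismatch-other"   # token never seen, or same session
        issued[r["stored"]] = r["app_sid"]
        results.append((r["ts"], verdict))
    return results

if __name__ == "__main__":
    for ts, verdict in classify(parse_requests(SAMPLE_LOG)):
        print(ts, verdict)
```

A `stale-token-session-changed` verdict means the form was rendered under one session and submitted under another, so the place to look is the session cookie (lifetime, domain, path, secure flag) rather than the CSRF middleware.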

keving's avatar

I don't really know. That is the problem. I didn't delete any cookies or anything. I didn't idle for 120 minutes :D

keving's avatar

It seems that Chrome is the problem. Working fine on Firefox.

I disabled all add-ons on Chrome. Has anyone heard of the session problem with Chrome?
