delahappy@gmail.com's avatar

CSRF Token Mismatch when moved to new server

I started a project on my local machine. I am able to log in fine there. I do have the {{csrf_field()}} inside my login form.

I set up a remote server for testing and I am getting this error when logging in.

```
TokenMismatchException in VerifyCsrfToken.php line 67:

in VerifyCsrfToken.php line 67
at VerifyCsrfToken->handle(object(Request), object(Closure))
at call_user_func_array(array(object(VerifyCsrfToken), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 124
at Pipeline->Illuminate\Pipeline{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing{closure}(object(Request)) in ShareErrorsFromSession.php line 49
at ShareErrorsFromSession->handle(object(Request), object(Closure))
at call_user_func_array(array(object(ShareErrorsFromSession), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 124
```

The project runs fine on mine and another developer's machine. The only difference is our servers are Windows and the test server is Linux. Any ideas on what could be happening?

I am using the out-of-the-box login. This declaration is in the web middleware: Route::auth();

0 likes
9 replies
delahappy@gmail.com's avatar

So, obviously the token printed out by csrf_field is different from the token obtained from the session. How is this possible?

bashy's avatar

I bet on each load, the token is regenerated? Have you checked the session storage driver?

delahappy@gmail.com's avatar

@bashy I was just looking into that. I am using 'file' driver. It looks like each time the login page is requested, a new session is getting generated on the server. Also, you are right, it is a new token each time. I am using the default 120 lifetime. Any ideas?

bashy's avatar
bashy
Best Answer

Have you got anything different with the way you have your domain? HTTPS or a change in the session.php settings? If you have secure => true, it will do that on an HTTP request.

5 likes
delahappy@gmail.com's avatar

Wow, that was it. I am just getting this server configured and I was testing to see if things were working before I put in the cert requests and finalized the http config. I turned off secure and it was working. Thanks @bashy

bashy's avatar

No problem. Had that issue myself so I always ask that question :P

NineBits's avatar

Simply clear the session folder; old sessions remain when the server is copied.

cove's avatar

I had the same issue, but my problem was that I had set "SESSION_DOMAIN" in the .env file to a different domain.

2 likes
Agbaje's avatar

@cove This helped me. All my forms worked well on local and shared hosting until I moved to Cloudways, and the forms started misbehaving. I never had a SESSION_DOMAIN set in my env file and session.php looks like this:

```
'domain' => env('SESSION_DOMAIN', null),
```
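A diagnostic for the two causes identified in this thread (`secure => true` on a site served over plain HTTP, and a `SESSION_DOMAIN` that does not match the host), added here as an example and not code from any poster or from Laravel. It takes the `Set-Cookie` headers returned with the login page and reports why a browser would not send the session cookie back, which is what produces a fresh session and a new CSRF token on every request. The cookie name `laravel_session`, the function names, and the `example.test` URLs and header values are assumptions constructed for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


def domain_matches(host, cookie_domain):
    """RFC 6265 domain-match: same host, or host is a subdomain of cookie_domain."""
    cookie_domain = cookie_domain.lstrip(".").lower()
    host = host.lower()
    return host == cookie_domain or host.endswith("." + cookie_domain)


def session_cookie_problems(page_url, set_cookie_headers, name="laravel_session"):
    """Return the reasons a browser would not return the session cookie to page_url.

    page_url           -- URL the login form was loaded from
    set_cookie_headers -- list of raw Set-Cookie header values from that response
    name               -- session cookie name (assumed default; see config/session.php)
    """
    url = urlsplit(page_url)
    morsel = None
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        if name in jar:
            morsel = jar[name]
    if morsel is None:
        return [f"no {name} cookie was set"]

    problems = []
    # A cookie flagged Secure is only sent over HTTPS, so on http:// the
    # server sees no session and issues a new one (with a new token) each time.
    if morsel["secure"] and url.scheme != "https":
        problems.append("Secure flag set but page is served over http")
    # A Domain attribute that does not cover the request host makes the
    # browser reject the cookie outright.
    domain = morsel["domain"]
    if domain and not domain_matches(url.hostname, domain):
        problems.append(f"Domain={domain} does not match host {url.hostname}")
    return problems


# Constructed sample headers (not captured from a real server).
SECURE_COOKIE = ["laravel_session=constructedvalue; Max-Age=7200; path=/; secure; httponly"]
WRONG_DOMAIN = ["laravel_session=constructedvalue; Max-Age=7200; path=/; domain=old.example.test; httponly"]

if __name__ == "__main__":
    print(session_cookie_problems("http://staging.example.test/login", SECURE_COOKIE))
    print(session_cookie_problems("https://new.example.test/login", WRONG_DOMAIN))
```

An empty list means the cookie attributes are consistent with the URL; with `secure => true` that is the case once the site is reached over HTTPS.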
