@Sinnbeck Yes its in .vue

my login vue

<template>

	<Head>
		<title>Login Account - Aplikasi Kasir</title>
	</Head>
	<div class="col-md-4">
		<div class="fade-in">
			<div class="text-center mb-4">
				<a href="" class="text-dark text-decoration-none">
					<img src="/images/logo.png" width="70">
					<h3 class="mt-2 font-weight-bold">Sistem Perencanaan Pembangunan Berbasis Wilayah</h3>
				</a>
			</div>
			<div class="card-group">
				<div class="card border-top-purple border-0 shadow-sm rounded-3">
					<div class="card-body">
						<div class="text-start">
							<h5>Login ke Dashboard</h5>
							<p class="text-muted">Silakan masukkan username dan password</p>
						</div>
						<hr>
						<div v-if="session.status" class="alert alert-success mt-2">
							{{ session.status }}
						</div>
						<form @submit.prevent="submit">
							<div class="input-group mb-3">
								<div class="input-group-prepend">
									<span class="input-group-text">
										<i class="fa fa-envelope"></i>
									</span>
								</div>
								<input class="form-control" v-model="form.email" :class="{ 'is-invalid': errors.email }" type="email"
									placeholder="Email Address">
							</div>
							<div v-if="errors.email" class="alert alert-danger">
								{{ errors.email }}
							</div>
							<div class="input-group mb-3">
								<div class="input-group-prepend">
									<span class="input-group-text">
										<i class="fa fa-lock"></i>
									</span>
								</div>
								<input class="form-control" v-model="form.password" :class="{ 'is-invalid': errors.password }"
									type="password" placeholder="Password">
							</div>
							<div v-if="errors.password" class="alert alert-danger">
								{{ errors.password }}
							</div>
							<div class="row">
								<div class="col-12 mb-3 text-end">
									<Link href="/forgot-password">Forgot Password?</Link>
								</div>
								<div class="col-12">
									<button class="btn btn-primary shadow-sm rounded-sm px-4 w-100" type="submit">LOGIN</button>
								</div>
							</div>
						</form>
					</div>
				</div>
			</div>
		</div>
	</div>
</template>

<script>
//import layout
import LayoutAuth from '../../Layouts/Auth.vue';

//import reactive
import { reactive } from 'vue';

//import inertia adapter
import { Inertia } from '@inertiajs/inertia';

//import Heade and useForm from Inertia
import {
	Head,
	Link,
} from '@inertiajs/inertia-vue3';

export default {

	//layout
	layout: LayoutAuth,

	//register component
	components: {
		Head,
		Link
	},

	props: {
		errors: Object,
		session: Object
	},

	//define composition API
	setup() {

		//define form state
		const form = reactive({
			email: '',
			password: '',
		});

		//submit method
		const submit = () => {

			//send data to server
			Inertia.post('/login', {

				//data
				email: form.email,
				password: form.password,
			});
		}

		//return form state and submit method
		return {
			form,
			submit,
		};

	}

}
</script>

<style>

</style>

@ashafizullah Try removing the csrf token from the app.blade.php

If you're using Laravel, be sure to omit the csrf-token meta tag from your project, as this will prevent the CSRF token from refreshing properly.

https://inertiajs.com/csrf-protection#making-requests

@Sinnbeck i have try that too, before that i dont use csrf token meta tag, and i search on google, then i try to add csrf meta tag, but its also not working

@ashafizullah You should still remove it. And when I wrote that, I didnt know it was working locally..

@Sinnbeck ok sir, i will remove that. But please help me, because the problem is still here

@ashafizullah Ah now thats a very important thing to note. Can you share the login page ?

@Sinnbeck i already share my login.vue code in the previous comment sir, or is there any want you want to see?

@ashafizullah As it works locally, it is most likely not the code.

I meant the url. If not, check that the domain is exactly the same when it submits. www.domain.com is not the same as domain.com !

@Sinnbeck here the url sir data.bappeda.muaraenimkab.go.id/login, i think its already the same domain

@ashafizullah It is sending in the csrf token. So it must be something serverside going wrong. Try running php artisan optimize:clear

@Sinnbeck done sir, i have run that code, its still 419 now. Please re-check that sir.

@ashafizullah I believe you. Can you try

SESSION_DRIVER=cookie

@Sinnbeck done sir, its still not working. I also tried database session driver before, and also not working

@ashafizullah Hm strange. I cannot see any obvious reason for it failing. Can you try php artisan config:clear also ?

And php artisan view:clear

And be sure to run these on the server, not locally

@Sinnbeck yes sir, i have tried run that artisan again. But its still no effect. is it possible because i use php 8.0 on cpanel? Because on local i have use 8.1 php

@ashafizullah Didnt that give an error when you ran composer install on the server ?

@Sinnbeck here its if i run composer install

Installing dependencies from lock file (including require-dev)
Verifying lock file contents can be installed on current platform.
Nothing to install, update or remove
Generating optimized autoload files
> Illuminate\Foundation\ComposerScripts::postAutoloadDump
> @php artisan package:discover --ansi

   INFO  Discovering packages.  

  inertiajs/inertia-laravel ................................................................................... DONE
  laravel/fortify ............................................................................................. DONE
  laravel/sail ................................................................................................ DONE
  laravel/sanctum ............................................................................................. DONE
  laravel/tinker .............................................................................................. DONE
  nesbot/carbon ............................................................................................... DONE
  nunomaduro/collision ........................................................................................ DONE
  nunomaduro/termwind ......................................................................................... DONE
  spatie/laravel-ignition ..................................................................................... DONE
  spatie/laravel-permission ................................................................................... DONE

83 packages you are using are looking for funding.
Use the `composer fund` command to find out more!

@ashafizullah Ok, it must not be locked to your php version. Did you run alll cache clearing commands?

I am trying to see if there are any knows errors with csrf with cpanel (dont use cpanel myself)

@Sinnbeck please tell me the cache clearing command sir, i will try to run it again

Just making sure. Did you by any chance set SESSION_DOMAIN? If you did, try removing it from .env

@ashafizullah php artisan config:clear and php artisan view:clear

@Sinnbeck yes i have try to add session_domain = data.bappeda.muaraenimkab.go.id before, and its still not working, so i delete it. I just done to run cache clearing command sir

@ashafizullah And its not set to an empty sting then? Just making sure

This will break

SESSION_DOMAIN=

@Sinnbeck no sir, i delete it.

my env now:

BROADCAST_DRIVER=log
CACHE_DRIVER=file
FILESYSTEM_DISK=local
QUEUE_CONNECTION=sync
SESSION_DRIVER=cookie
SESSION_LIFETIME=120

MEMCACHED_HOST=127.0.0.1

@ashafizullah No app key?!

php artisan key:generate

@Sinnbeck sorry, here is my full env

APP_NAME=Laravel
APP_ENV=local
APP_KEY=base64:ugGqVg9mnaqIY3BQ/sSQUG2N9oJ+dOxKRL2FsburEgk=
APP_DEBUG=true
APP_URL=ht**tps://data.bappeda.muaraenimkab.go.id

LOG_CHANNEL=stack
LOG_DEPRECATIONS_CHANNEL=null
LOG_LEVEL=debug

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=datadb
DB_USERNAME=dataroot
DB_PASSWORD=password

BROADCAST_DRIVER=log
CACHE_DRIVER=file
FILESYSTEM_DISK=local
QUEUE_CONNECTION=sync
SESSION_DRIVER=cookie
SESSION_LIFETIME=120

MEMCACHED_HOST=127.0.0.1

REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379

MAIL_MAILER=smtp
MAIL_HOST=mailhog
MAIL_PORT=1025
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
MAIL_FROM_ADDRESS="[email protected]"
MAIL_FROM_NAME="${APP_NAME}"

AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_DEFAULT_REGION=us-east-1
AWS_BUCKET=
AWS_USE_PATH_STYLE_ENDPOINT=false

PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
PUSHER_APP_CLUSTER=mt1

MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"

@ashafizullah Ah ok all good them. Make a new key as you just have shown it to the internet :) And I assume that password is fake ;)

Found this thread you can try giving a read

https://stackoverflow.com/questions/62967224/how-to-solve-csrf-token-mismatch-in-laravel

@Sinnbeck yes sir its true :D, i have the same project web before this web. Its working perfectly last couple week, and also i dont try to login again these day.

Actually today i ask to my dev ops to give me permission for create this new data.*** subdomain, i dont know after that, this 419 error coming

@Sinnbeck yes sir, i just try add ob_start() in my index.php in public folder and run clearing cache

<?php
ob_start();

use Illuminate\Contracts\Http\Kernel;
use Illuminate\Http\Request;

define('LARAVEL_START', microtime(true));

/*
|--------------------------------------------------------------------------
| Check If The Application Is Under Maintenance
|--------------------------------------------------------------------------
|
| If the application is in maintenance / demo mode via the "down" command
| we will load this file so that any pre-rendered content can be shown
| instead of starting the framework, which could cause an exception.
|
*/

if (file_exists($maintenance = __DIR__.'/../storage/framework/maintenance.php')) {
    require $maintenance;
}

/*

is im right to add ob_start() here sir?

@ashafizullah I cannot say. I have never seen that solution before and have never had the problem myself

btw. You should really replace that logo image! Using a 4mb image for a tiny logo is just bad practice

Just checked app.js. Did you compile this locally? I notice it has localhost in the code ? I'm considering if this is the problem. DId you hardcode localhost in the code somewhere?

https://data.bappeda.muaraenimkab.go.id/js/app.js

@Sinnbeck ok sir, thank you

@Sinnbeck yes i run npm run prod that locally, and push to github then pull on the server sir

i do like that one month ago with another project website, and its ok working sir.

@ashafizullah link so I can compare? Did you check where localhost comes from?

@Sinnbeck here is the link app.js in my local computer sir

jsfiddle.net/#&togetherjs=3wI29GsIIL

@Sinnbeck oh ya, i think localhost is from config/app.php

'url' => env('APP_URL', 'htt*p://localhost'),

@ashafizullah Ok. See if its also localhost on the site that works (in the compiled app.js)

@Sinnbeck yes sir its same. I'm very frustrated and wondering why it's not working on hosting :')

@ashafizullah I honestly have no clue. :/ Dont want to share a link to the site that works so I can compare? Im completely out of ideas

@Sinnbeck here its the demo for works website sir kasir.appdev.my.id

@ashafizullah I am completely clueless then. Maybe compare all settings on the two to see if there are any differences to be found

@Sinnbeck i check kasir.appdev.my.id, and its have X-XSRF-TOKEN on header, while on my login page its nothing

@ashafizullah Hmm I see it in the session cookie on both. Where are you checking ?

@Sinnbeck here the screenshot sir http*s://ibb.co/yYBLht3, i dont find that on my login

@ashafizullah Strange. Dont see that one: https://i.imgur.com/Tzhz8UV.png

@Sinnbeck at very bottom sir, thats there

@Sinnbeck the last one from Request Header section

@Sinnbeck its working normally if i comment verifyCsrfToken in Kernel.php sir

protected $middlewareGroups = [
		'web' => [
			\App\Http\Middleware\EncryptCookies::class,
			\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
			\Illuminate\Session\Middleware\StartSession::class,
			// \Illuminate\Session\Middleware\AuthenticateSession::class,
			\Illuminate\View\Middleware\ShareErrorsFromSession::class,
			// \App\Http\Middleware\VerifyCsrfToken::class,
			\Illuminate\Routing\Middleware\SubstituteBindings::class,
			\App\Http\Middleware\HandleInertiaRequests::class,
		],

		'api' => [
			// \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
			'throttle:api',
			\Illuminate\Routing\Middleware\SubstituteBindings::class,
		],
	];

@ashafizullah Yeah without csrf protection the csrf error disappears. That is how it works :)

@Sinnbeck but is it save to comment verifyCsrfToken sir? I mean not not best solution

@ashafizullah No its a bad solution: It will allow other sites to post data to yours :/

@Sinnbeck oh no, i will activate it again. Still havent find the solution :')

@ashafizullah I wish I has more ideas: My best suggetion is to compare the one that works with the one that does not :/

@Sinnbeck yes sir. I will try that or i will try upload the project to another hosting. Thanks for your suggestions sir

@ashafizullah Happy to help, even though we couldnt really solve it yet

@Sinnbeck I also got a very good first impression from Laracast, this is my first question

@ashafizullah Glad to hear that :)

@Sinnbeck I have a new clue, the XSRF-TOKEN on cookies is not generated when login button clicked, its should refresh the page than generated new token.

But on demo website, laravel session and xsrf-token will generate new token when login button clicked.

http*s://i.ibb.co/0h2qHQG/image.png

@Sinnbeck yes thanks MASTER is this the problem for my

@iLuca so, its still not working now?

@ashafizullah I have no idea to be honest, I just know that I have the same issue as you but in addition to that issue my login CSS is broken :/ I really hope you can find a solution for that error 419 error

@iLuca yeah, its weird. Actually 1 month ago, its working. I dont know why today its not working

@ashafizullah Are you hosting on Heroku?

@iLuca no, its regular hosting