Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Currently using Laravel 8 and I need help with Laravel generating multiple sessions which eventually leads to CFToken mismatch error. Everything works fine, until I make multiple ajax calls which then creates the same number of session. So it seems like the number of ajax calls = the number of session created. So I went into the controller and disabled the query and just return a hard code value. It still creates multiple sessions.
So can it be my middleware that can be generating multiple sessions. What would be the best approach of trying to resolve this issue. I'm relatively new to Laravel, so any guidance would be greatly appreciated.
@johnw65 If you’re making AJAX calls then they’re usually make to API endpoints, and API endpoints should be stateless.
If you’re on a page that’s make AJAX calls (particularly POSTs) to web routes then yes, that’s going to regenerate the session and the CSRF token, meaning if you try and submit any forms from the original page, the CSRF token will have changed from the one that’s in the hidden _token input and now invalidated.
So it's OK to have multiple session created? Then why am I getting CSRF token error and my session value such as userID dropping randomly. I have my ajax setup on POST and along with my form, I send a _token.
Martin, I'm relatively new to Laravel and I'm lost. Thanks for your assistance.
Please or to participate in this conversation.