Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
I've been making my way through the "Let's Build a Forum" Series and now on Episode 72, I'm getting this error when running my RegistrationTest class -
Tests\Feature\RegistrationTest::user_can_fully_confirm_their_email_addresses
Illuminate\Session\TokenMismatchException:
C:\Users\Desktop\forum\vendor\laravel\framework\src\Illuminate\Foundation\Http\Middleware\VerifyCsrfToken.php:68
I understand that it's an issue with not posting the CSRF token. I found a way to bypass it during testing by putting this inside VerifyCsrfToken.php
protected function tokensMatch($request)
{
// Don't validate CSRF when testing.
if(env('APP_ENV') === 'testing') {
return true;
}
return parent::tokensMatch($request);
}
I guess I'd like to know -
Thanks for any input you can give.
So now I'm really not sure what happened, but running previous tests now comes back with the same TokenMismatchException and additionally, running any test wipes out my MySQL databases. It's using DatabaseMigrations, but previously this was only taking effect on sqlite when testing, so I don't know what's happening that all of my testing stuff is falling apart.
My phpunit.xml hasn't changed--it is still set to use an in-memory sqlite database when testing.
@bmlarson If your DB is getting wiped out, you must have the real DB setup to use for testing. Also, did you make sure you have the middleware correct? RedirectIfEmailNotConfirmed
After lots of experimenting, it seems to have been resolved by running-
php artisan config:clear
But if anyone has clarification on what might have happened here, I can't say as I understand it. My setup was working perfectly before and it seems weird that any of the files that were being edited during the lesson would have caused this issue. Apparently it has something to do with setting the config cache but I don't recall doing that as I didn't even know that it was a thing haha.
That's because in phpunit.xml we partially override default enviroment:
<env name="APP_ENV" value="testing"/>
However, if config is cached, this value won't be passed to it. In VerifyCsrfToken app env is checked. If enviroment is testing, and request come from console token isn't required.
Hi, I've had the same error when using Homestead.
I've solved this error editing my Homestead.yaml file.
I've commented the section where set the global environment viriables for Homestead.
#variables:
# - key: APP_ENV
# value: local
For this reason, Laravel couldn't set the configuration environment to testing , and automatically disable VerifyCsrfToken Middleware in my tests.
After updating the Homestead.yaml, don't forget re-provision the machine by running:
vagrant reload --provision
This will update the PHP-FPM configuration for all of the installed PHP versions and also update the environment for the vagrant user
Hi all,
The funny/odd thing here is that I have the same issue but I do not use Homestead and no vagrant at all, and the clearing the cache did not help me.
So rather than testing trough PHPStorm try testing with iTerm2!
Jeffrey said a couple of times that sometimes PHPStorm plays a bit with the testing(like trowing different exception/error) and in such a cases try using the not integrated console.
I hope that might help someone :)
@BMLARSON - Nice! Fixed the issue... after I wiped out my whole local database
If you're running your tests using PhpStorm, it may not be honoring the phpunit.xml configuration where the APP_ENV value is overridden with "testing".
Under Settings/Languages & Frameworks/PHP/Test Frameworks, you can add PHPUnit Local configuration. There you can specify the path to PHPunit and phpunit.xml
thanks very much. it took me for all day.
Wow! Thanks for that!
Config:clear did the trick
Please or to participate in this conversation.