Piro's avatar
Level 1

Session driver database - CSRF Token ERROR

Hey Buddies! I'm new here and need some help from the masters of Laravel. I'm using Laravel 5. When I change the session driver to database I get this error: TokenMismatchException in VerifyCsrfToken.php line 46:

How can I fix it?

Thanks

0 likes
30 replies
bobbybouwmann's avatar

Did you create the table in the database for the sessions?

1 like
Piro's avatar
Level 1

Thank you for the reply, bobby! Yes. I followed these steps:

1º - create the table:
php artisan session:table
composer dump-autoload
php artisan migrate

2º - change the driver in the session.php config file from
'driver' => env('SESSION_DRIVER', 'file'),
to
'driver' => env('SESSION_DRIVER', 'database'),

After that I get this error -> TokenMismatchException in VerifyCsrfToken.php line 46:

usman's avatar

@Piro you need to change the driver key inside your .env file:

SESSION_DRIVER=database
1 like
BENderIsGr8te's avatar

Laravel could be looking in your table for a matching token that was previously set in file (or however you were doing your sessions before). I would run php artisan cache:clear to clear out all the cache. I think you can flush sessions too.

1 like
Piro's avatar
Level 1

@usman I do, but the error persists. When I set 'driver' => env('SESSION_DRIVER', 'database'), in the session file, is that not enough?

Piro's avatar
Level 1

@BENderIsGr8te no success either. I cleaned the database and ran php artisan cache:clear and nothing =(

BENderIsGr8te's avatar

It could also be something your browser is caching. Someone posted in this forum a week or two ago that they noticed the problem in Chrome, but not in Firefox. So they cleared their browser's cache and it solved the problem.

1 like
JohnRivs's avatar

@Piro 'driver' => env('SESSION_DRIVER', 'file') is going to grab the value from an environment variable called SESSION_DRIVER. If it doesn't find one, it'll use file as a default value.

Are you sure you have SESSION_DRIVER=database written in your .env file?

1 like
Piro's avatar
Level 1

@BENderIsGr8te I tried in Firefox and got the same error. I reverted the code to use "file" and deleted the sessions table from the database and I had the same error. What is happening with my Laravel?? =S

JohnRivs's avatar

@Piro A TokenMismatchException is something that gets thrown even before the request hits a controller method for example. Can you show us a bigger picture?

1 like
Piro's avatar
Level 1

@JohnRivs thank you for the reply. Yes, I had SESSION_DRIVER=database in .env but the error continues. I tried to revert the code in .env to "SESSION_DRIVER=file" and also have the problem. When I try logging in I get this error immediately.

BENderIsGr8te's avatar

Is it happening with every POST request or just specific POST requests? As @JohnRivs said it's going to be hard to nail this down without knowing what's going on.

Does the form you are setting have the {{ csrf_token() }} set in it? I've run into this issue in the past when I was using a modal window being populated via AJAX. The form on the main page had a token and the AJAX-populated modal had a token. The second token would invalidate the first token for that user. So if one used the modal window to do something then went back to the other form I would get the error. (That's just an example of a bigger picture that helped identify the problem.)

Are you actually posting a form or are you trying to do an API call without a _token being passed?

2 likes
JohnRivs's avatar

@Piro As @BENderIsGr8te is mentioning, are you expecting a POST call from an external API? If that's the case, you must exclude the route from the VerifyCsrfToken class.

In Laravel 5.0, this is how I do it http://laravel.io/bin/qQQPJ

In 5.1 it's going to be even easier, you will just add the routes to the property in the class.

1 like
Piro's avatar
Level 1

@BENderIsGr8te. First of all, sorry about my English, I'm a Brazilian brother kkkkk. Now I get what bigger picture means kkkk. Actually I'm developing an app in the Swift language (iOS) but I just started the project. I tried some requests by AJAX yesterday and everything was OK with the token. Now I was just trying to log in on the default home page of Laravel and I am getting this error. Before that I was searching for how to create sessions in the database, then I read the Laravel docs about this. I changed the .env file and session.php (config file) and this error started to appear. In summary... at the moment I'm not using AJAX requests or any other requests, I'm just trying to log in on the home page auth/login. I understand about the token, but I haven't modified anything related to the token that could generate this error.

JohnRivs's avatar

@Piro those AJAX requests you mention, were they done using GET requests? Laravel doesn't need a token for GET. Every POST request though, whether it's AJAX or not, goes through the token verification.

So now, you have everything default and you try to log into the home page that Laravel provides, using the browser, but you get the TokenMismatchException?

1 like
JohnRivs's avatar

@Piro can you show us your routes and the controller where the request should go to?

1 like
Piro's avatar
Level 1

Of course @JohnRivs. Question... I see clean code written here with backgrounds... how do I put code here with a black background and clean lines? Sorry, I'm a newbie here kkkkk

Piro's avatar
Level 1

Thank you @JohnRivs xD

routes.php

<?php
Route::get('/', 'WelcomeController@index');
Route::get('home', 'HomeController@index');
Route::get('cartas/', 'CartasController@index');
//Route::get('cartas/alimentaSets', 'CartasController@alimentaSets');
//Route::get('cartas/create', 'CartasController@create');
//Route::get('cartas/alimentarSubtypes', 'CartasController@alimentarSubtypes');
//Route::get('cartas/alimentarTypes', 'CartasController@alimentarTypes');
//Route::get('cartas/alimentarColors', 'CartasController@alimentarColors');
Route::post('cartas/dados', 'CartasController@dados');
Route::controllers([
    'auth' => 'Auth\AuthController',
    'password' => 'Auth\PasswordController',
]);

HomeController.php

<?php namespace App\Http\Controllers;

class HomeController extends Controller {


    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('auth');
    }

    /**
     * Show the application dashboard to the user.
     *
     * @return Response
     */
    public function index()
    {
        return view('home');
    }

}
JohnRivs's avatar

The first time you got the exception, were you making an ajax request to Route::post('cartas/dados', 'CartasController@dados');?

1 like
Piro's avatar
Level 1

No no. I never got this exception during an AJAX request. The first time I got this error was when I changed the config/session.php to use database. Now I reverted the session.php and .env to use "file" and the exception persists.

My .env and session.php at this moment:

CACHE_DRIVER=file
SESSION_DRIVER=file
QUEUE_DRIVER=sync

'driver' => env('SESSION_DRIVER', 'file'),

Piro's avatar
Level 1

If I try to register I have the same exception.

JohnRivs's avatar

Can you paste here the error you see? Including the stack trace.

1 like
Piro's avatar
Level 1

I found the problem --' ... look at this line in the config file session.php

'lifetime' => 0,

How can I do it? kkkkkk

One of many problems is solved o/. Thank you, brother.

But how can I change the lifetime? Example: I need the user to stay logged in in the iPhone app, but will the server side allow it if the session lifetime is set to something other than zero?

JohnRivs's avatar
Level 37

Did you put it at 0? By default it's 120. You can change it right there.

1 like
Piro's avatar
Level 1

kkkkkkk. Yep, I put it to 0. OK, but my question is: how can I set a session for an indeterminate time? This session will be destroyed only and only if I try to log in on another device.

JohnRivs's avatar

I guess you can put a very high number :P There's no 'forever' value or something similar.

1 like
Piro's avatar
Level 1

KKKKKKKKK. It's a nice solution for now \o/. KKKKKKK. Thank you @JohnRivs.

monz's avatar

Inside Session.php I had edited:

/*
|--------------------------------------------------------------------------
| HTTPS Only Cookies
|--------------------------------------------------------------------------
|
| By setting this option to true, session cookies will only be sent back
| to the server if the browser has a HTTPS connection. This will keep
| the cookie from being sent to you if it can not be done securely.
|
*/

'secure' => true

As I am playing around with homestead and not using HTTPS I would receive:

TokenMismatchException in VerifyCsrfToken.php line 46:

When doing anything with POST or _token (login and any forms)

Once I remembered that I had been playing around in that file and set it back to

'secure' => false

It was working once again as expected... I am sure this will not help everyone but it is definitely what caused me to have this error.
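
As an added example (not code from any poster in this thread, and not part of Laravel), here is a stand-alone PHP check for the three configuration causes the thread turned up: a .env value overriding the default in session.php, 'lifetime' => 0, and 'secure' => true on a site served over plain HTTP. The function names and the sample values are hypothetical; scalar type hints need PHP 7 or later.

```php
<?php
// Added example, not from the thread. All sample values are constructed.

/**
 * Resolve env('KEY', $default) the way the thread describes it:
 * the .env value wins, the second argument is only a fallback.
 */
function envValue(array $env, string $key, $default)
{
    return array_key_exists($key, $env) ? $env[$key] : $default;
}

/**
 * Check session settings for the causes of TokenMismatchException
 * reported in this thread. Returns a list of human-readable findings.
 */
function diagnoseSessionConfig(array $env, string $driverDefault, int $lifetime, bool $secure, string $scheme): array
{
    $findings = [];

    // session.php default vs. the value actually read from .env
    $driver = envValue($env, 'SESSION_DRIVER', $driverDefault);
    if ($driver !== $driverDefault) {
        $findings[] = "driver: .env sets SESSION_DRIVER={$driver}, so the '{$driverDefault}' default in session.php is ignored";
    }

    // lifetime is in minutes; 0 means the session cookie expires as soon as it is issued
    if ($lifetime <= 0) {
        $findings[] = "lifetime: {$lifetime} minutes expires the session at once, so the stored token is gone before the form is posted";
    }

    // an HTTPS-only cookie is never returned by the browser over plain HTTP
    if ($secure && strtolower($scheme) !== 'https') {
        $findings[] = "secure: cookie is HTTPS-only but the site is served over {$scheme}, so the browser never sends the session back";
    }

    return $findings;
}

// Constructed sample combining the settings reported in the thread.
$env = ['CACHE_DRIVER' => 'file', 'SESSION_DRIVER' => 'file', 'QUEUE_DRIVER' => 'sync'];
foreach (diagnoseSessionConfig($env, 'database', 0, true, 'http') as $finding) {
    echo "- {$finding}\n";
}
```

In each case the server starts a fresh session on the POST, so the submitted _token has nothing to match against. For the HTTPS-only cookie, reading the flag from an environment variable lets production keep 'secure' => true while a plain-HTTP development box sets it to false.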