Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

mnkous's avatar

session issues: 419 error after signing in

Hi all,

I've been developing with laravel for quite some time now, but have stumbled upon a problem I'm not able to solve. A previous discussion has the exact same problem, without a solution though:

https://laracasts.com/discuss/channels/laravel/all-my-apps-run-in-windos-but-get-419-session-has-expired-in-mac?page=0

The application is running smoothly on production, just not locally. It' a laravel 5.8.35 (previously upgraded from 5.1) application running on PHP 7.4.4 (also tried 7.3.12)

Like the previous discussion:

  • Cloned project from: git clone ...
  • Install vendors directory (dependencies)
composer update --no-scripts
  • added env file
  • Setup the Key: php artisan key:generate:
  • Run the application with (tried both):
    • php artisan serve
    • dockerized with php-fpm and nginx

The application works, but when I try to login, I get the following message:

419 Sorry, your session has expired. Please refresh and try again.

For debugging purposes: disabling the csrf token will not lead to successful sign in, just reloading of page, so problem must be with the session / session driver, not with the csrf token.

session driver is file, but have tried array as well. session lifetime is 120

creating session variables is possible:

session([ 'somekey' => '-- session value --']);
$value = session('somekey');
return view('auth.login', compact('value'));

and the file in /storage/framework/sessions is created with the sessions variable written to it. file permissions do not seem the problem.

  • running php artisan cache:clear, php artisan config:clear does not solve the problem
  • trying in a different browser because of reluctant cache does not solve the problem

appreciate any help, this has been driving me mad for the last couple of days!

0 likes
4 replies
oriolrg's avatar

I have more or less the same problem. In my case the error is reproduced only in chrome browser and mobile phone safari. On PC it works correctly. Does this mean that laravel is not operational for phone browsers?

artcore's avatar

When I see a 419 it's usually a csrf token mismatch or none sent. Do you have the VerifyCsrfToken somewhere in your middleware of that route?

Snapey's avatar

Do you see Laravel session cookies being created in your client?

Do you get the same issue with php artisan serve ?

mnkous's avatar

@snapey

yes, cookies are being created. session problem occurs as well with php artisan serve

Also: starting up a fresh laravel install with authorization works just fine.

Please or to participate in this conversation.