benjordan's avatar

TokenMismatchException - Dying over here

I am working through the Laravel 5 Fundamentals course and am stuck in the validation lesson. I added in the validation and am now getting the error: TokenMismatchException in VerifyCsrfToken.php line 67:

I have read everything and nothing is working. I can confirm that there is a hidden field being passed via the {!! Form::open(['url' => 'posts']) !!} line.

Here is the error:

in VerifyCsrfToken.php line 67
at VerifyCsrfToken->handle(object(Request), object(Closure))
at call_user_func_array(array(object(VerifyCsrfToken), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 124
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in ShareErrorsFromSession.php line 49
at ShareErrorsFromSession->handle(object(Request), object(Closure))
at call_user_func_array(array(object(ShareErrorsFromSession), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 124
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in StartSession.php line 62
at StartSession->handle(object(Request), object(Closure))
at call_user_func_array(array(object(StartSession), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 124
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in AddQueuedCookiesToResponse.php line 37
at AddQueuedCookiesToResponse->handle(object(Request), object(Closure))
at call_user_func_array(array(object(AddQueuedCookiesToResponse), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 124
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in EncryptCookies.php line 59
at EncryptCookies->handle(object(Request), object(Closure))
at call_user_func_array(array(object(EncryptCookies), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 124
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 102
at Pipeline->then(object(Closure)) in Router.php line 705
at Router->runRouteWithinStack(object(Route), object(Request)) in Router.php line 678
at Router->dispatchToRoute(object(Request)) in Router.php line 654
at Router->dispatch(object(Request)) in Kernel.php line 246
at Kernel->Illuminate\Foundation\Http\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 52
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in CheckForMaintenanceMode.php line 44
at CheckForMaintenanceMode->handle(object(Request), object(Closure))
at call_user_func_array(array(object(CheckForMaintenanceMode), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 124
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 102
at Pipeline->then(object(Closure)) in Kernel.php line 132
at Kernel->sendRequestThroughRouter(object(Request)) in Kernel.php line 99
at Kernel->handle(object(Request)) in index.php line 53

Here is the form from my create blade file:

<form method="POST" action="http://laravel.site/posts" accept-charset="UTF-8"><input name="_token" type="hidden" value="N6jbfp3YHicZdB0ehxBh9aPJ9RzZyLXdmTQvbMch">

What am I missing? What should I try? What can I share to get this working so I can move on?

0 likes
37 replies
jekinney's avatar

You're missing the token {{ csrf_field() }} under your form element.

Also your post url isn't very dynamic from local to deployment. There are other ways, but I prefer named routes. action="{{ route('route name') }}" this way you never need to worry if your main url changes or even you change the route itself as long as the name stays the same.

benjordan's avatar

I thought that was in there. Here is my code from the view.

<div class="row"><div class="col-md-12">
    {!! Form::open(['url' => 'posts']) !!}
    {{ csrf_field() }}

        <div class="form-group">
            {!! Form::label('title', 'Post Title') !!}
            {!! Form::text('title', null, ['class' => 'form-control']) !!}
        </div>

        <div class="form-group">
            {!! Form::label('excerpt', 'Summary') !!}
            {!! Form::text('excerpt', null, ['class' => 'form-control']) !!}
        </div>

        <div class="form-group">
            {!! Form::label('content', 'Post Content') !!}
            {!! Form::textarea('content', null, ['class' => 'form-control']) !!}
        </div>

        <div class="form-group">
            {!! Form::label('publish_date', 'Publish On') !!}
            {!! Form::input('date', 'publish_date', date('Y-m-d'), ['class' => 'form-control']) !!}
        </div>

        <div class="form-group">
            {!! Form::submit('Add Post', ['class' => 'btn btn-primary form-control']) !!}
        </div>


    {!! Form::close() !!}
    </div></div>

Code from the controller:

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use App\Http\Requests;
use App\Http\Controllers\Controller;
use App\Post;


class PostsController extends Controller
{
        /**
        * Show a list of all posts.
        *
        * return Response
        */

    public function index()
    {
        $posts = Post::latest('publish_date')->published()->get();

        return view('posts.index', compact('posts'));
    }

    /**
        * Show a single post.
        *
        * return Response
        */

    public function show($id)
    {
        $post = Post::findOrFail($id);

        return view('posts.show', compact('post'));
    }

    /**
        * Form to create a new post.
        *
        * return Response
        */

    public function create()
    {
        return view('posts.create');
    }

    /**
        * Save a new post and redirect to all posts.
        *
        * @param CreatePostRequest $request
        * return Response
        */

    public function store(Request $request)
    {

        $this->validate($request, [
        'title' => 'required|unique:posts|max:255',
        'content' => 'required',
        ]);

        Post::create($request->all());

        return redirect('posts');
    }
}

...and Routes:

 <?php

/*
|--------------------------------------------------------------------------
| Routes File
|--------------------------------------------------------------------------
|
| Here is where you will register all of the routes in an application.
| It's a breeze. Simply tell Laravel the URIs it should respond to
| and give it the controller to call when that URI is requested.
|
*/

Route::get('/', function () {
    return view('welcome');
});

/*
|--------------------------------------------------------------------------
| Application Routes
|--------------------------------------------------------------------------
|
| This route group applies the "web" middleware group to every route
| it contains. The "web" middleware group is defined in your HTTP
| kernel and includes session state, CSRF protection, and more.
|
*/

Route::group(['middleware' => ['web']], function () {
    Route::get('posts', 'PostsController@index');
    Route::get('posts/create', 'PostsController@create');
    Route::get('posts/{id}', 'PostsController@show');
    Route::post('posts', 'PostsController@store');
});

What else am I missing? The rendered HTML has the token in it. Are you saying I need to add the {{ csrf_field() }} after the {!! Form::open(['url' => 'posts']) !!} tag?

Thanks for your help on this. I've got to be missing something small and simple. At least that is the hope.

joedawson's avatar

Are you saying I need to add the {{ csrf_field() }} after the {!! Form::open(['url' => 'posts']) !!} tag?

Nope, I think @jekinney may have misunderstood your question - as using the Form facade will automatically add a hidden csrf token to the view as you also confirmed with the HTML output. And your form URL is dynamic :)

Have you by any chance altered your session.php config file? What session driver are you using?

1 like
benjordan's avatar

I've gone through everything in that thread and it seems that nothing is working.

Here is what I have tried so far...

  • Cleared the sessions folder, cleared browser cache, and restarted MAMP Pro, and still nothing
  • I regenerated the app key to see if that worked. Nothing.
  • I went back through the videos, confirmed the code block at the top of the controller is right, and, nothing.

I've basically tried everything I can find online and still, nothing. Ugh.

The only thing I can do right now is comment out this line in /app/kernel.php in the $middleWareGroups protected group

\App\Http\Middleware\VerifyCsrfToken::class,

I think I am just going to start over on the app and see if that fixes it. Hopefully that will solve the issue and it's more reps on learning. I'll report back if that fixes it, but I'd still love to know what happened here.

1 like
Nielson's avatar

I got the exact same error as you. Tried using a complete new project. Restarting WAMP and server, also all the things suggested in this thread, even commenting out the thread, doesn't help me. This is actually the first thread I found regarding line 67. Every other topic I have found, has been around line 46 which is when you login. I am totally lost here :(

Has anyone found a solution to this yet?

thomaskim's avatar

If you are following that course, I recommend installing Laravel 5.0, not 5.2.

Use this command: composer create-project laravel/laravel {directory} "~5.0.0" --prefer-dist

Laravel 5.2 has several breaking changes. Conceptually, a lot of it is the same, but if you are picking up Laravel for the first time, it could be difficult.

Also, note that Laravel 5.1 and 5.2 require PHP >= 5.5.9 whereas for PHP 5.0, you only need PHP >= 5.4.

Snapey's avatar

What do you have as your root folder? IE, what is in your address bar when you access the form?

1 like
Nielson's avatar

@thomaskim Thanks - I guess I will try out 5.0 instead of 5.2 :)

@Snapey My route to the form is this: "http://localhost/password/reset".

It worked some days ago with problems. The issue presented itself Wednesday. Haven't made any changes regarding this. Also, is it normal that the "password_resets" table is read only?

Teiko's avatar

Previously I had;

and it added; name="_token" value="{{ csrf_token() }}" so now it looks like this; The error is no more, now I have to concentrate on saving into the database.
wondollaballa's avatar

I had this problem before. Just add in this code to your head of your layout:

 

< meta name="csrf-token" content="{{ csrf_token() }}" />

Should work for 5.2 as well. Just make sure to mind the spaces in the tags in my example above
4 likes
khaledSMQ's avatar

maybe you can check your config/session.php

'secure' => false,
1 like
Nielson's avatar

I found my problem at last.

Apparently I've added the following to my AppServiceProvider which caused some troubles:

\View::composer('*', function($view){ $view->with('user', \Auth::user()); });

1 like
dylanh's avatar

@Nielson, glad you found your problem. I had the same issues but my underlying problem was different. Here's the answer I posted on Laravel.io (whose thread was linked here as a possible solution):

I've had the same problem and been fighting with it all day. In the end, the solution was simple and totally unexpected.

For me, the problem was that my routes were not using the Web middleware. I moved my routes into the Web middleware group and everything worked as I expected it to.

On further inspection it says in the routes file:

"This route group applies the "web" middleware group to every route it contains. The "web" middleware group is defined in your HTTP kernel and includes session state, CSRF protection, and more."

So I guess I should have just paid more attention. Hope this helps someone else, it really wasted a lot of my time trying to debug!

Ps: as a hint, I realised that my session folder was empty, so if the sessions info is not being stored correctly you'll always have a mismatch

1 like
irmscher's avatar

Why is Laravel changing so much with "decimal" updates? It causes a lot of confusion I guess, especially for those who are just starting out like myself...

Jaytee's avatar

In your routes, add the 'web' middleware to any routes that handle sessions, etc. It's a new thing in Laravel 5.2

mentalist's avatar

I don't know where I got the following tip from, probably here. But I put this at the top of the routes file which takes care of the token issues:

Route::filter('csrf', function() {
    $token = Request::ajax() ? Request::header('X-CSRF-TOKEN') : Input::get('_token');
    if (Session::token() != $token)
        throw new Illuminate\Session\TokenMismatchException;
});

and then put this meta tag in the relevant view or views

<meta name="_token" content="{!! csrf_token() !!}" />
wiesson's avatar

@dylanh

Ps: as a hint, I realised that my session folder was empty, so if the sessions info is not being stored correctly you'll always have a mismatch

Thanks for this hint! I changed

CACHE_DRIVER=array
SESSION_DRIVER=array

to

CACHE_DRIVER=file
SESSION_DRIVER=file

and it works! :)

@Snapey

What do you have as your root folder? IE, what is in your address bar when you access the form?

This finally solved my problem! After I fixed it on development it broke live. I changed the URL in config/app.php and now it works as expected.
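
The failure mode dylanh and wiesson describe above, as an added example that is not part of the original thread and is not Laravel's own code: when the session is not persisted between requests (SESSION_DRIVER=array, an empty session folder, or routes outside the "web" group), the form still renders a token, but the POST is checked against a different one. All class and function names are hypothetical, the session id is constructed, and PHP 7+ is assumed for random_bytes().

```php
<?php
// Added illustration in plain PHP; names are hypothetical, not Laravel's API.

// Store that survives between requests (behaves like SESSION_DRIVER=file).
class PersistentStore {
    private $rows = [];
    public function load($id) { return isset($this->rows[$id]) ? $this->rows[$id] : []; }
    public function save($id, array $data) { $this->rows[$id] = $data; }
}

// Store that forgets everything after each request (behaves like
// SESSION_DRIVER=array, or a route that never runs the session middleware).
class PerRequestStore {
    public function load($id) { return []; }
    public function save($id, array $data) { /* discarded at end of request */ }
}

// GET /posts/create: make sure the session holds a token and render it.
function showForm($store, $sessionId) {
    $session = $store->load($sessionId);
    if (!isset($session['_token'])) {
        $session['_token'] = bin2hex(random_bytes(20));
    }
    $store->save($sessionId, $session);
    return $session['_token']; // value of the hidden _token input
}

// POST /posts: compare the submitted token with the one held in the session.
function verifyPost($store, $sessionId, $submitted) {
    $session = $store->load($sessionId);
    if (!isset($session['_token'])) {
        // Nothing was persisted, so this request starts with a brand-new token.
        $session['_token'] = bin2hex(random_bytes(20));
    }
    // Constant-time comparison; hash_equals() requires two strings.
    return is_string($submitted) && hash_equals($session['_token'], $submitted);
}

foreach ([new PersistentStore(), new PerRequestStore()] as $store) {
    $sid = 'constructed-session-id';          // constructed sample value
    $formToken = showForm($store, $sid);      // the form always contains a token
    $accepted = verifyPost($store, $sid, $formToken);
    printf("%-16s token in form: yes, POST accepted: %s\n",
        get_class($store), $accepted ? 'yes' : 'no (token mismatch)');
}
```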

jsprowles's avatar

Have you set your App Key yet? Csrf tends to fail without the App Key. To fix this, run php artisan key:generate in your terminal.

m5lil's avatar

I get exactly the same error as you; changing the domain in the session.php file was the solution for me

'domain' => 'your_domain.com',
birchy's avatar

My problem with this seems to be that I had two views (depending on whether URL params existed or not), both of which used the same form. One of the views was missing the line.

(I know, I shouldn't have two instances of the same code. I'll figure that out some later time.)

george2040's avatar

Just put echo csrf_field(); after you open your form tag.

Snapey's avatar

@george2040

Try to put {{ echo csrf_field() }}

actually {{ csrf_field() }} - no need to echo inside blade tags - echo is implicit

3 likes
ellardus's avatar

I had same problem on laravel 5.2.45 and the solution from francoisx worked for me, thanks man!

TimeSocks's avatar

I'm having this problem but none of the solutions is working for me. I have:

  1. Added the token meta tag in the page head
  2. Ensured the login/register form contains {{ csrf_token() }}
  3. Verified that the token in the head matches that in the form in the rendered HTML.

But the error still occurs. This is in Laravel 5.3 with the standard auth scaffolding. Any ideas?

FunCoding's avatar

Try the following commands:

php artisan cache:clear

composer dump-autoload

php artisan clear-compiled

It's probably a cache problem.

1 like