Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

kapilgarg's avatar

TokenMismatch on Client Machine

Hi all, I am facing a very strange problem here. I am using laravel 5.2 and using its own auth functionality. I have setup laravel server on ubuntu vm and port forwarded to it. The VM is setup on windows 10. I am able to use the app regularly when accessing it by windows 10 but the problem occurs when i connect another machine to my localhost. Then TokenMismatch problem occurs. These are the headers i am attaching to each response

$response->header("Cache-Control", " no-cache, no-store, must-revalidate")
            ->header("Pragma", "no-cache")
            ->header("Expires", "0") ;

So here is the complete situation.

Machine 1 which is hosting the VM is running fine even when Machine 2 is connected. Machine 2 shows token mismatch problem on login.

If still you find it difficult to understand the problem then i can elaborate more.

Update:

I found out that its the problem with laravel auth. It is not authenticating the user when he is trying to login from machine other than the host machine. Even if it authenticates for the first time then again it automatically logs out the user. Any suggestion would be helpful

0 likes
3 replies
jimmck's avatar

You just signed up 48 mins ago. Did you read the Laravel documentation? Search the site? Google Laravel Token Mismatch? Your answer awaits.

kapilgarg's avatar

I have been working on laravel since last 30 days and i have red each piece of documentation. Its just that i got stuck now so i posted my question here.

hemantadsl's avatar

Hi, I just update my framework to L5.2.31 and after that there always token mismatch error every time on login, I have already all threads related to this and i did

  • in login page
  • proper form open with {{ csrf_field() }}
  • in / out my Route::auth() from web middleware.
  • change RouteServiceProvider for applying web route default
  • illuminate/Foundation/http/midlewar/VerifyCsrfToken: check in this file what i got that session token and request are not same in tokensMatch function. i just lost my all hope , Please help. Thanks.

Please or to participate in this conversation.