
chutch1122's avatar

[Laravel 5.1] CSRF TokenMismatchException... only in Google Chrome?

I'm having a very strange issue with the default CSRF middleware in Laravel 5.1.

My co-developer, with a fresh clone of our repository (and composer install), is unable to complete a form request in his local environment (with Google Chrome). It works fine on our auto-deployed dev server and my freshly cloned environment.

The view for the form is

{!! Form::open(['url' => '/dashboard/setup', 'class' => 'form-horizontal']) !!}
<fieldset>
    <div class="form-group">
        <label class="col-sm-2 control-label">Username</label>
        <div class="col-sm-10">
            <input type="text" name="username" class="form-control" value="{{ old('username') }}" required>
        </div>
    </div>
</fieldset>
<fieldset>
    <div class="form-group">
        <label class="col-sm-2 control-label">Date of Birth</label>
        <div class="col-sm-10">
            <input type="text" name="date_of_birth" class="date-picker form-control" value="{{ old('date_of_birth') }}" required>
        </div>
    </div>
</fieldset>
<fieldset>
    <div class="form-group">
        <div class="col-sm-2"></div>
        <div class="col-sm-10">
            <button class="btn btn-primary btn-fill btn-block">Finish!</button>
        </div>
    </div>
</fieldset>
{!! Form::close() !!}

The correct HTML is generated for the form and includes a hidden field with the CSRF token. However, when he submits the form he gets a TokenMismatchException in VerifyCsrfToken.php on line 53. I had him clear his cookies and his browser cache and the issue persisted. This is in the latest version of Google Chrome (which worked fine for me).

What is even more strange is that he did the exact same steps in Mozilla Firefox, and the form submitted without a problem.

So, we tried debugging a bit. We added this code:

dd([
    'session_token' => $sessionToken,
    '_token' => $token
]);

to the tokensMatch($request) function in vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php right before the return statement.

Mismatched tokens

We discovered that in Google Chrome the tokens would always be mismatched, and in Firefox they would match just fine.

I'm completely lost for what the issue could be, so any kind of help is appreciated.

Thanks, Cameron

chutch1122's avatar

The form and token are being generated correctly.

<form method="POST" action="http://laravel.dev/dashboard/setup" accept-charset="UTF-8" class="form-horizontal">
<input name="_token" type="hidden" value="FOZP5AJ0N0BI0EYtTlp95Ws6vUXdSfvh9ZXITcg9">
    <fieldset>
        <div class="form-group">
            <label class="col-sm-2 control-label">Username</label>
            <div class="col-sm-10">
                <input type="text" name="username" class="form-control" value="" required>
            </div>
        </div>
    </fieldset>
    <fieldset>
        <div class="form-group">
            <label class="col-sm-2 control-label">Date of Birth</label>
            <div class="col-sm-10">
                <input type="text" name="date_of_birth" class="date-picker form-control" value="" required>
            </div>
        </div>
    </fieldset>
    <fieldset>
        <div class="form-group">
            <div class="col-sm-2"></div>
            <div class="col-sm-10">
                <button class="btn btn-primary btn-fill btn-block">Finish!</button>
            </div>
        </div>
    </fieldset>
</form>
puzbie's avatar

It may seem a silly question but have you validated the HTML?

I had a similar problem and it was down to having two forms on the page, one of which hadn't been closed properly. It took me ages to sort out, but had I validated the HTML I would have spotted it immediately. Different browsers were treating my error in different ways, hence the inconsistency.

I mean validate the entire page, not just the snippet.

I have had other issues with CSRF, but that has been AJAX-related, which isn't relevant in your case.
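
Added example, not part of the thread and not Laravel code: one way to run the whole-page check suggested in the reply above, reporting unclosed or nested forms and which form each `_token` field ends up in. It follows the HTML5 parsing rule that a `<form>` start tag is ignored while another form is still open; `FormAudit`, `audit` and the sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser


class FormAudit(HTMLParser):
    """Report form-nesting errors and which form each _token field lands in."""

    def __init__(self):
        super().__init__()
        self.current = None   # (line, action) of the form currently open
        self.findings = []    # human-readable markup problems
        self.tokens = []      # (line, action of owning form, or None)

    def handle_starttag(self, tag, attrs):
        attrs, line = dict(attrs), self.getpos()[0]
        if tag == "form":
            if self.current:
                # HTML5 parsers ignore a <form> start tag while another is open.
                self.findings.append(
                    f"line {line}: nested <form> ignored, form from line "
                    f"{self.current[0]} is still open")
            else:
                self.current = (line, attrs.get("action"))
        elif tag == "input" and attrs.get("name") == "_token":
            self.tokens.append((line, self.current[1] if self.current else None))

    def handle_endtag(self, tag):
        if tag == "form":
            if self.current:
                self.current = None
            else:
                self.findings.append(f"line {self.getpos()[0]}: stray </form>")


def audit(html):
    parser = FormAudit()
    parser.feed(html)
    parser.close()
    if parser.current:
        parser.findings.append(f"line {parser.current[0]}: <form> never closed")
    return parser.findings, parser.tokens


# Constructed sample page: the /search form is missing its closing tag.
SAMPLE = """<html><body>
<form method="GET" action="/search">
<input type="text" name="q">
<form method="POST" action="/dashboard/setup">
<input name="_token" type="hidden" value="CONSTRUCTED-TOKEN">
</form>
</body></html>
"""
```

On the sample, the hidden `_token` field is attributed to the `/search` form rather than `/dashboard/setup`, which is the kind of error a snippet-only inspection would miss.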

narendra's avatar

Any solution to this problem? I face this problem on my login form, which is generated with Laravel Auth.
