
Alban-Kaperi's avatar

TokenMismatchException in compiled.php line 3227 over HTTP but not over HTTPS

I am using Ubuntu server 16.04 on DigitalOcean, Nginx as my webserver, Laravel 5.2

I am facing a problem when trying to log in at my admin panel that I have created. This problem happened when I changed my connection from HTTPS (I have blocked HTTPS with the UFW firewall) to HTTP.

TokenMismatchException in compiled.php line 3227

Before switching to HTTPS it worked with HTTP too, but that was before 3 months ago.

I have done the following:

php artisan config:clear
php artisan route:clear
php artisan clear-compiled

and have redone:

php artisan config:cache
php artisan route:cache
php artisan optimize --force

I deleted the sessions in storage/framework/sessions, but the problem still persists.

My signin form is as below:

<form action="{{ route('signin') }}" method="post">
    <div class="input-group">
        <label for="email">E-Mail</label>
        <input type="email" id="email" name="email" class="form-control">
    </div>
    <div class="input-group">
        <label for="password">Password</label>
        <input type="password" id="password" name="password" class="form-control" autocomplete="off">
    </div>
    {{ csrf_field() }}
    <button type="submit" class="btn btn-success">Sign In</button>
</form>

If I switch the server to a https connection the error doesn't exist. Any idea?

36864's avatar

If I switch the server to a https connection the error doesn't exist. Any idea?

Yes, switch to https. What possible reason could you have to want to authenticate users over http?

Alban-Kaperi's avatar

I am having a problem with HTTPS: I have misconfigured something with the Strict-Transport-Security header and the Public-Key-Pins header.

When trying to access any page of my website, I was getting the following error:

NET::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN

With other browsers like Mozilla or Edge, my site opened without any problem; the problem was only with Google Chrome. I followed this tutorial and fixed the problem in my browser:

https://linux-audit.com/delete-a-hsts-key-pin-in-chrome/

After that problem, within 1 week my page disappeared from Google search results. I thought that if I switched to HTTP I would have my page in the search results; that's why I was going to try to go to HTTP.
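An added example, not part of the original thread: NET::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN means that none of the hashes a browser cached from a Public-Key-Pins header matches a key in the certificate chain the server presents now. The Python code below checks a header value against the pins of a served chain; `check_hpkp` is a hypothetical helper, and the key bytes and header value are constructed placeholders.

```python
import base64
import hashlib


def spki_pin(spki_der: bytes) -> str:
    """pin-sha256 value: base64 of SHA-256 over the DER SubjectPublicKeyInfo."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


def parse_directives(value: str):
    """Split 'name=value; name="value"; flag' into (name, value) pairs."""
    pairs = []
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        if name:
            pairs.append((name.lower(), val.strip().strip('"')))
    return pairs


def check_hpkp(header: str, chain_pins: set) -> dict:
    """Evaluate a Public-Key-Pins header against the pins of the served chain."""
    directives = parse_directives(header)
    pins = [v for n, v in directives if n == "pin-sha256"]
    max_age = next((v for n, v in directives if n == "max-age"), "")
    problems = []
    if not max_age.isdigit():
        problems.append("missing or invalid max-age")
    if not any(p in chain_pins for p in pins):
        problems.append("no pin matches a key in the served chain")
    if all(p in chain_pins for p in pins):
        problems.append("no backup pin outside the served chain")
    return {
        "pins": pins,
        "cached_days": int(max_age) // 86400 if max_age.isdigit() else 0,
        "problems": problems,
    }


# Constructed stand-ins for DER-encoded public keys (not real key material).
OLD_KEY, NEW_KEY, BACKUP_KEY = b"constructed-old", b"constructed-new", b"constructed-backup"

# Constructed header: pins the old key plus a backup, cached for 60 days.
HEADER = (f'pin-sha256="{spki_pin(OLD_KEY)}"; pin-sha256="{spki_pin(BACKUP_KEY)}"; '
          "max-age=5184000; includeSubDomains")

if __name__ == "__main__":
    print(check_hpkp(HEADER, {spki_pin(OLD_KEY)}))  # chain still uses the pinned key
    print(check_hpkp(HEADER, {spki_pin(NEW_KEY)}))  # key replaced: pin validation fails
```

The second call models a server whose key was replaced while browsers still hold the old pins: until `max-age` expires, only serving a chain that contains one of the pinned keys (here the backup) satisfies them.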
