Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

RainerF's avatar

I don't get a Session on production Server // TokenMismatchException

Hi, I am new to laravel and coding for 2 two weeks now and stuck in an deployment problem.

My local machine: Windows 10 with PHP Storm, MySql and I am running on artisan serve On Production I am running on www.Strato.de

My Issue is that on local everything works within my programm status but live i get the TOKEN Missmatch Error because my Session Key is rewritten every REQUEST. Local the Session looks ok with old Data and the previuos link and so on but live there is just the KEY.

Maybee this is helfpful. On Strato i force the website to run on HTTPS an LOCAL i don't because i don't know how i will artisan demand that.

I tried the last days to get it running but don't have a clou. WEBSITE is runnging https://trim.finance (I inserted a button on the end to show session->all() an routet on trim.finance/session the same.

my Shame i uploaded the env File on produktion serve to make both more similar.

.env File on Server

APP_ENV=local
APP_LOG_LEVEL=debug

DB_CONNECTION=mysql
DB_HOST=**
DB_PORT=3306
DB_DATABASE=**
DB_USERNAME=**
DB_PASSWORD=**

BROADCAST_DRIVER=log
CACHE_DRIVER=file
QUEUE_DRIVER=sync

MAIL_DRIVER=mailgun
MAIL_DOMAIN=https://api.**
MAIL_SECRET=key-**

config/app.php on Server

return [

'name' => env('APP_NAME', 'tRIM'),
'env' => env('APP_ENV', 'local'),
'debug' => env('APP_DEBUG', true),
'url' => env('APP_URL', 'https://www.trim.finance'),
'timezone' => 'Europe/Berlin',
'locale' => 'en',
'fallback_locale' => 'de',
'key' => env('APP_KEY', 'base64:KEYCODE'),
'cipher' => 'AES-256-CBC',
'log' => env('APP_LOG', 'single'),
]

config/session.php

return [
'driver' => env('SESSION_DRIVER', 'database'),
'lifetime' => 60000,
'expire_on_close' => false,
'encrypt' => true,
'files' => storage_path('framework/sessions'),
'connection' => 'mysql',
'table' => 'sessions',
'store' => null,
'lottery' => [2, 100],
'cookie' => 'trim_session',
'path' => '/',
'domain' => null,
'secure' => env('SESSION_SECURE_COOKIE', true),
'http_only' => false,
];

Test1: Please try to Register on my Page to see the Problem. (Every data is fake so feel free to try).

Test2: Try to create [a new Adress] (https://trim.finance/adress/create)

My debbugging got me so far

  1. The issue ist just on the produktion side. (I allready deleted the hole webServer and copied all data again to see if there is something missing oder online changed.) local it works.

  2. Every get request doen't need the session so no harm.

    • BUT i inserted an SESSION button to see the data and every refresh of the page makes a new session [_token"]

  3. EveryPost request don't geht through because of the TokenMismatchException.

    • I edited the TokenMismatchException what is matched and every time he generates a new Session _token
    • I shortcuted the Token comparison and did'nt get through because Laravels safety features.

Sessions are stored in the Database.. for every request One Line .. seems too much.. every Session(User) One Line it should be. Here an Example from my database. I did just a refresh on the website.

| id | user_id | ip_address | user_agent | payload | last_activity | | bf4QOHxQAMvrTgGw0PfidIKmHd0hRrAt86FPVYWz | NULL | 2a02:8109:a40:2f20:403d:806a:5818:dbf3 | Mozilla/5.0... | ZXlKcGRpSTZJblV3UkhoY... | 1501147035|

| I0sg8K8zvSQS1a1vN2OOTYnKVnsVJQP3kv4ZxtqT | NULL | 2a02:8109:a40:2f20:403d:806a:5818:dbf3 | Mozilla/5.0... | ZXlKcGRpSTZJbE5WYkVOT... | 1501146839 |

0 likes
6 replies
isaackearl's avatar

I don't fully understand your question, but you need to make sure your SESSION_DRIVER is set in the session.php config file.

    'driver' => env('SESSION_DRIVER', 'file'),

You can set these values in your .env file as I'm sure you know...

If it is set to 'array' then it will lose the session value between requests.

Sorry if this doesn't help you, I didn't fully understand your question.

RainerF's avatar

Thanks i posted my configs above...

LIVE in most cases i got a Token missmatch and nothing happens.

It seems a Session Problem because EVERY request i get a new token( I insertet a SESSION Button at the end of the page to see all DATA

isaackearl's avatar

do you have an .env file where you are accidentally setting the session driver to array ? how is your prod environment setup? Have you verified your environment variables?

If not, then are you seeing rows put into the database when you make requests ?

RainerF's avatar

Yes there are rows. I posted them in the original question.

ymssrikanth's avatar

Same problem here. Please post if you already figured it out. Thanks

RainerF's avatar

Hi i created a backup server and installed laravel new. Installed all Dep and copied my Code one Folder at a time. In the End everything worked but i can't exact tell the difference becuase i didn't change a thing in my Code.

Some foo maybe.

Sorry

Please or to participate in this conversation.