Laravel 5.4 is not creating csrf cookie on my hosting

Maybe: http://stackoverflow.com/questions/39997180/laravel-5-3-tokenmismatchexception-in-verifycsrftoken-php-line-68

Laravel or hosting has nothing to do with it you need to double check all of your code you have made a mistake somewhere.

it's not a cookie, it's a token that you can see in the html source.

check the source passed to the browser and see if the token is present

Also the way it works is a stored token in session is supposed to match a token passed via post, are you sure you have your storage folder permissions correct?

Edit: If you get your sessions working, all will be okay.

@Snapey Laravel stores csrf token in a session and the corresponding cookie to that session is stored in the browser by the name CSRF-TOKEN. My website is unable to set any type of cookies. In the source code the csrf_field shows the token in the form which is OK. But cookie related to csrf session does not gets created and that results in TokenMismatchException in VerifyCsrfToken.php line 68:

@jlrdw i have changed storage folder permissions to 777 from 755 but it still does not work. Locally it works perfectly fine.

it's the token in your form that is compared to the value stored in session on the server.

@Snapey I know the token is compared with the token stored in the session. What I am saying is, session identifiers are automatically stored in the corresponding cookies and in my case i can't see CSRF-TOKEN cookie in my browser. CSRF-TOKEN gets created when I run my script on localhost only and this is the reason Laravel throwing this exception TokenMismatchException in VerifyCsrfToken.php line 68:

Have you checked your config/session

I am using default session settings which comes up with fresh installation. Sessions are getting created but not the corresponding cookies. This is the main issue. Because cookies are sent with every HTTP request and then the session identifier is compared with the cookie sent automatically. In my case there are no cookies, so the user cannot be considered as an authenticated user.

Sessions and cookies are two different things.

I know they are two different things but they have a link. How would a session gets validated if it's corresponding cookie (which holds it's id and sent with every HTTP Request) does not exist in the browser? In my case, there are sessions are created but not the corresponding cookies.

@Snapey your turn.

You need to ensure either 1 in your html source code.

<meta name="csrf-token" content="a8YwpsXSj6XZI2Re28NturuU3BlyG5YZVGf8042h">

OR

<input type="hidden" name="_token" value="a8YwpsXSj6XZI2Re28NturuU3BlyG5YZVGf8042h">

In html form as a hidden value.

Just go to your page, and check html source code that whether there is csrf token or not.

@tisuchi it's already there mate. The only issue is, my website is unable to create cookies through laravel.

So far, its not issue with cookies. Its just rendering to html templates.

You may be check few things here-

• Check in other browser
• Check in other computer

If everything is ok there, than, delete your browser history and run it again in your computer.

It should work than.

Read the solution here https://laravel.io/forum/02-13-2015-difference-between-file-vs-cookie-session-driver

You should use file based sessions.

@tisuchi I don't think it has issue with html template since i checked token gets submitted with the form submit but the hash stored in the session does not match with it. The reason is there is no cookie that can help Laravel to search for the right session.

I was right. The website was unable to create cookies. The Laravel was not setting up CSRF-COOKIE and other cookies for don't know what reason. Now I uploaded the same files one by one and it works. It's really a strange behavior.

Inside config directory, edit session.php and check these lines:

'cookie' => 'cookie_name',
'path' => '/',
'domain' => env('SESSION_DOMAIN', null),
'secure' => env('SESSION_SECURE_COOKIE', false),
'http_only' => true,
// And modify domain value inside .env to null or as your domain
// Like: null or example.com

@dharmendrajadon I managed to make it work the day i posted my question here. There was nothing wrong with the configuration settings. When I uploaded the whole project at once, It just stuck at csrf mismatch exception but the same project works fine when i uploaded files one by one. It was pretty strange though.

Verify that your config/session.php file contains this line

'domain' => env('SESSION_DOMAIN', null),

Then remove the SESSION_DOMAIN line in your .env file

Hi all, I think I have the same problem, I uploaded my project from my local to a https production server. On my local site everything works fine but on my production server, when I check the cookies on my landing page there is no CSRF-Token but on my local its getting created. I also give log out the token after my submission and they don't fit.

Anyone any idea?

Laravel 9 + Chrome (localhost or with IP address). CSRF token mismatch error and no CSRF in cookies.

My solution:

SESSION_SECURE_COOKIE=false (.env file)
'same_site' => 'lax' (session.php file)