Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
I started having this problem since I uploaded my project to a remote server. The exception that its throwing is the following: TokenMismatchException in VerifyCsrfToken.php line 46: So I went to that line and noticed that in the function tokenMatch, the condition below fails:
if ( ! $token && $header = $request->header('X-XSRF-TOKEN')) { $token = $this->encrypter->decrypt($header); }
Digging deeper in to the problem, the $request->header('X-CSRF-TOKEN') returns null value.
IMPORTANT! I developed this project on my local machine, it works pretty good there, no problems at all.
Please clear cache and reload your page.
Make sure if you are not using Angular ..
<form action="/foo/bar" method="POST">
<input type="hidden" name="_token" value="{{ csrf_token() }}">
</form>
for more see.. http://laravel.com/docs/5.1/routing#csrf-x-xsrf-token
Hello! I am not using Angular. The code I am using on my view is:
{!!Form::open(['route'=>['auth_login_path'], 'method'=>'POST'])!!}
{!!Form::close()!!}
I cleared my cache but still not working. Why could it be that it works perfect on my local machine, but on webserver it jumps this token exception?.
I think this do the trick - I think this might be issue of permission
In config/session.php - if session storage is of type file and if 'files' => storage_path('framework/sessions')
On server give writeable permission to folder - app/storage/framework/sessions
It is better to give permission to app/storage folder
of course after doing this,
run artisan command cache:clear and clear browser cache also
Ok first of all, thank you very much for your help! I really appreciate it. I am following your last steps like this:
Refreshed my view, and I still get the problem. Is there any segment of the code you'd like me to paste here? I am almost 4 hours trying to fix this issue.
Also I gave chmod 777 to sessions. Btw everytime I try to log in, it generates 3 new files on my sessions folder.
hmmm , not sure can you just try ..instead of blade form
<form action="/foo/bar" method="POST">
<input type="hidden" name="_token" value="@{{ csrf_token() }}">
</form>
consider value = double curly bracket + csrf_token() + doublecurly bracket
:( It was like that before, I changed to Blade form hoping it will fix it but didnt fix. Since I copied it from my local machine to the webserver (cpanel), is there a chance it is trying to find a path from my pc? I did a deep search for the paths and Laravel doesnt use static routes so I discarded that posibility
as per documentation, In addition to checking for the CSRF token as a POST parameter, the Laravel VerifyCsrfToken middleware will also check for the X-CSRF-TOKEN request header. You could, for example, store the token in a "meta" tag:
<meta name="csrf-token" content="\{\{ csrf_token() \}\}">
content=double curly bracket + csrf_token() + double curly bracket
Lol I am having difficulties copying my code :P Not good results yet :)
I did what you said still have the problem.
Where does it gets this value from? $request->header('X-CSRF-TOKEN')
Because on the views Head I added the meta data you mentioned.
And sorry I make this silly question, how can I add code blocks in this text editor? I think I would help more if I add my code blocks
for mark down
https://help.github.com/articles/github-flavored-markdown/
usually meta tag provides header
No luck my friend. This is weird,and what if I install a new laravel 5.0 from scratch? and copy paste the folders of my views, controllers, requests, mid... etc.
@RingoStyle If you want to install new then go for Laravel 5.1
but still I will look in this when will get time
see https://laracasts.com/discuss/channels/laravel/verify-csrf-token
Resolved by some serverside settings -
OK, I submited a ticket to my webserver support so I hope that fixes it. meanwhile I did what I told you about instaling laravel 5.0 from scratch and after that copied all my files, but didnt work ...
Thank you for helping me :)
My friend I fixed it, the problem was that I made my own AuthController the same way that I used to do it on versions 4.x. So I had a wrong constructor build and I wasnt using the trait AuthenticatesAndRegistersUsers.
It is still weird that my wrong implementation worked perfectly on my local env.
Now I am finally logging in succesfuly!! I am facing one new minor issue now, but Im probably gonna give it some time to try to fix it myself but I have a terrible headache. It is about @include('dashboard_main_content'), it says that _main_content does not exist.
Please or to participate in this conversation.