Level 1
A TokenMismatchException should only occur on requests that are not GET, HEAD, or OPTIONS. Make sure any forms (e.g., login form) are adding an _token field with the csrf_token() as the value.
You can also use the csrf_field() helper function to generate the input field automatically.