
Shivamyadav:

CSRF token mismatch in Laravel 12, using Postman

My config/cors.php:

```php
<?php

return [
    'paths' => ['api/*', 'sanctum/csrf-cookie'],

    'allowed_methods' => ['*'],

    'allowed_origins' => ['*'],

    'allowed_origins_patterns' => [],

    'allowed_headers' => ['*'],

    'exposed_headers' => [],

    'max_age' => 0,

    'supports_credentials' => true, // make it true for a different port
];
```

My routes/web.php for SPA authentication:

```php
<?php

use Illuminate\Support\Facades\Route;

// for SPA authentication
Route::prefix('auth')->group(function () {
    Route::post('/Register', RegisterController::class)->middleware('guest');
    Route::post('/login', LoginController::class)->middleware('guest');
    Route::post('/logout', LogoutController::class)->middleware('auth:sanctum');
});
```

I get the CSRF token by visiting http://127.0.0.1:8000/sanctum/csrf-cookie. Here is the CSRF token I received:

XSRF-TOKEN=eyJpdiI6IlFSelpIcGRNOEhHZGtrWTg0QmJxdkE9PSIsInZhbHVlIjoiWWg0SGo0TVRwWUM3N0hNME1BbDlSLzZUcFkwSlJZbTNBV0hONTRaMDFGZ1A3VFJhWGN0dTI1SmJpQ093dWw4TEZ3eEYvWWZTOW5ERUl2NkxiOUlLSTVWNENud3Y4U2NHQ3JzV2JxUmRCMXNiY2taaVplQW9ONEpzZ1NhTW56WWEiLCJtYWMiOiI1OGY1MWMxNjVmZjc2OTRhNTQ4YWQ4ODEzYWFkZDEwOWZkODYzODI1YmRjNmYwYjgxMzBhOTdmZjRhMzgyYmMxIiwidGFnIjoiIn0%3D; expires=Sun, 01 Jun 2025 18:03:15 GMT; Max-Age=7200; path=/; domain=localhost; samesite=lax

and I'm setting this CSRF token in the header of my login request from Postman, with the key X-XSRF-TOKEN and the above token as the value.

My .env session settings:

```dotenv
SESSION_DRIVER=database
SESSION_LIFETIME=120
SESSION_ENCRYPT=false
SESSION_PATH=/
SESSION_DOMAIN=localhost
# SESSION_DOMAIN=127.0.0.1
SANCTUM_STATEFUL_DOMAINS=127.0.0.1,localhost,::1
```
0 likes
3 replies
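As an added illustration (not code from this thread, and not Laravel's or Postman's own code), this is what a browser client such as axios does automatically for the Sanctum SPA flow the post describes, and what a hand-built Postman request has to reproduce: take the XSRF-TOKEN cookie from the /sanctum/csrf-cookie response, send all received cookies back on the login POST, and put the URL-decoded token value in the X-XSRF-TOKEN header. The Set-Cookie values and the session cookie name below are constructed samples.

```javascript
// Added example: reproduce by hand what a browser client such as axios does
// for a Sanctum SPA login.
//   1. GET /sanctum/csrf-cookie returns Set-Cookie headers: a URL-encoded
//      XSRF-TOKEN and the session cookie the token is bound to.
//   2. The login POST must send those cookies back AND carry the URL-decoded
//      token in X-XSRF-TOKEN; otherwise VerifyCsrfToken reports a mismatch.

// Constructed sample Set-Cookie headers (not a real token or session id;
// "laravel_session" is Laravel's default session cookie name).
const SAMPLE_SET_COOKIES = [
  'XSRF-TOKEN=eyJmYWtlIjoidG9rZW4ifQ%3D%3D; expires=Sun, 01 Jun 2025 18:03:15 GMT; ' +
    'Max-Age=7200; path=/; domain=localhost; samesite=lax',
  'laravel_session=abc123sessionvalue; path=/; domain=localhost; httponly; samesite=lax',
];

// Extract the "name=value" pair from one Set-Cookie header, dropping the attributes
// (expires, path, domain, ...), which are not part of the cookie value.
function cookiePair(setCookie) {
  const first = setCookie.split(';')[0].trim();
  const eq = first.indexOf('=');
  if (eq === -1) return null;
  return { name: first.slice(0, eq), value: first.slice(eq + 1) };
}

// Build the request headers for the login POST from the cookies received.
function buildLoginHeaders(setCookies) {
  const pairs = setCookies.map(cookiePair).filter(Boolean);
  const xsrf = pairs.find((p) => p.name === 'XSRF-TOKEN');
  if (!xsrf) throw new Error('response did not set an XSRF-TOKEN cookie');
  return {
    // Every cookie goes back unchanged, so the server resumes the same session
    // the token was issued for.
    Cookie: pairs.map((p) => `${p.name}=${p.value}`).join('; '),
    // The header carries the decoded value (the cookie is URL-encoded, e.g. %3D for '=').
    'X-XSRF-TOKEN': decodeURIComponent(xsrf.value),
    Accept: 'application/json',
    'Content-Type': 'application/json',
  };
}
```

Postman's cookie jar handles the cookie round trip itself, but only returns a cookie to a host that matches the cookie's domain attribute, so the domain the cookie was set for and the host the login request goes to must agree; the X-XSRF-TOKEN header still has to be set by hand from the decoded value.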
Snapey:

You know the token will probably change after login?

Shivamyadav:

@Snapey No, I'm not using token-based authentication.

I'm using SPA session-based authentication.
