Laravel 5 Auth Post Submit - TokenMismatchException

Posted 2019-01-14 15:34

Question:

Have just started a new app in Laravel 5 and I am having some trouble using the out of the box auth...

I keep getting : TokenMismatchException in VerifyCsrfToken.php line 46: on submitting the login or signup forms...

I can see on the login form page the token codes that are in the hidden form field and Session at that point are the same...

As a test I have also tried, as some other posts suggested, commenting out //'App\Http\Middleware\VerifyCsrfToken', in app/Http/Kernel.php to see what would happen. After doing this, every time I submit a form I get a message which says redirecting to: /auth/login or /auth/register depending on where I came from, with no success.

The weird thing was this was working when I first installed the framework. All I have done since then is run a few migrations and setup some of my models and controllers and seeded the db with some user data.

UPDATE:

Looking into this further in the function tokensMatch() on line 55 of VerifyCsrfToken.php if I :

var_dump($request->session()->token());

var_dump($request->input('_token'));

I can see the two tokens are different but at the form using:

var_dump(Session::all());

{{{ csrf_token() }}}

They are the same. The Session token has changed somehow before it gets to the function tokensMatch() on line 55 of VerifyCsrfToken.php.

My stack trace is as follows:

in VerifyCsrfToken.php line 46
at VerifyCsrfToken->handle(object(Request), object(Closure)) in VerifyCsrfToken.php line 17
at VerifyCsrfToken->handle(object(Request), object(Closure)) in Pipeline.php line 125
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in ShareErrorsFromSession.php line 55
at ShareErrorsFromSession->handle(object(Request), object(Closure)) in Pipeline.php line 125
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in StartSession.php line 61
at StartSession->handle(object(Request), object(Closure)) in Pipeline.php line 125
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in AddQueuedCookiesToResponse.php line 36
at AddQueuedCookiesToResponse->handle(object(Request), object(Closure)) in Pipeline.php line 125
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in EncryptCookies.php line 40
at EncryptCookies->handle(object(Request), object(Closure)) in Pipeline.php line 125
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in CheckForMaintenanceMode.php line 42
at CheckForMaintenanceMode->handle(object(Request), object(Closure)) in Pipeline.php line 125
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 101
at Pipeline->then(object(Closure)) in Kernel.php line 111
at Kernel->sendRequestThroughRouter(object(Request)) in Kernel.php line 84
at Kernel->handle(object(Request)) in index.php line 53

Answer 1:

I first just got it working removing the line:

'Illuminate\Foundation\Http\Middleware\VerifyCsrfToken'

from /app/Http/Resquests/Kernel.php. However, this means the CSRF token check will be removed, which implies that your website will not be protected from cross-site request forgeries.

Update: According to the documentation, you should add the CSRF token to your form by adding this snippet to your code:

<input type="hidden" name="_token" value="{{ csrf_token() }}">

I used the first way in backend services for a mobile application, but I find I can send a CSRF header within requests.



Answer 2:

According to the documentation, this may be why:

Insert The CSRF Token Into A Form

<input type="hidden" name="_token" value="{{ csrf_token() }}">


Answer 3:

I had the same issue. I solved it by changing the following line in config/session.php

'domain' => env('DOMAIN', 'yourdomainnamehere.co.uk'),

Then add the following line in your .env

DOMAIN=null


Answer 4:

Check your routes.php file. I also had this error and it turned out to be caused by a blank line at the top (just before the opening <?php tag). Such a stupid error, hopefully this could help someone.



Answer 5:

I had the same problem, my solution was

<form method="POST" action="path_to_action">
    <input type="hidden" name="_token" value="{{ csrf_token() }}">
    <input type="text" name="some_name">
</form>


Answer 6:

If you are using Blade templates, you can put in your form

{{ csrf_field() }}

instead of

<input type="hidden" name="_token" value="{{ csrf_token() }}">

It worked with me in Laravel 5.1.



Answer 7:

Just log out and re-login, that's the only way. It's an unknown bug. Even I get it in my form posting sometimes, but all the people in the forums say for putting but that does not solve the problem. Just log out and re-login.



Answer 8:

If you want to get rid of TokenMismatchException in VerifyCsrfToken.php, check this link for simple solution by @Tariq Khan: TokenMismatchException in VerifyCsrfToken.php



Answer 9:

I also had this very same situation today; all of a sudden my application started to show me that message...

I just re-started my server and it all went back to normal.



Answer 10:

Solved the issue:

When I checked the app.blade, csrf-token was hard coded there like <meta content="9DB/rSl5JKAkQenkfGLj4o/x6+1dIDC5m52IWJxjFfo=" name="csrf-token">. Removing this and adding <meta content="authenticity_token" name="csrf-param"> fixed my issue. This may help someone :)



Answer 11:

This is what I do to fix this issue.

Assume that your web server already has write access to the session directory, in my case 'app/storage/framework/sessions/'.

Execute,

$ rm -f {your_web_app}/storage/framework/sessions/*

Reload web in your browser and try to login again.


Answer 12:

There are a lot of possibilities that can cause this problem. What I experienced is that this can be a problem of wrong configuration of the session.php config file. Have you by any chance altered your session.php config file? Maybe you have changed the value of domain from null to your site name or anything else in session.php

'domain' => null,

Wrong configuration in this file can cause this problem.



Answer 13:

I had the same issue, running php artisan config:cache

solved it all.

I hope this helps someone



Answer 14:

Try php artisan route:list and check if the web middleware is repeated. For example (web,web,others).

In Laravel 5.3 web middleware is activated by default, I've added

Route::group(['middleware' => 'web'], function () { ALL MY ROUTE });

with this TokenMismatch was generated.

Fixing the routes solved the problem for me.

For more information see Question on Laracast



Answer 15:

If you want to use CSRF in form then you have to add this line in your form

 <input type="hidden" name="_token" value="{{ csrf_token() }}">

and if you are not interested in using CSRF then you have to comment out the line below in the kernel.php file

//\App\Http\Middleware\VerifyCsrfToken::class,


Answer 16:

Maybe it's something with your App Domain settings.

  1. Check the 'domain' setting in config/session.php.
  2. Set it to 'localhost' or to the proper domain which is associated to your app.
  3. Save the file

Mine was fetched from the env file and the app was on a different domain.

Hope this is gonna save some brain cells for someone.
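
Answers 3, 12 and 16 all point at the session cookie's 'domain' setting. The following added example (not code from any of the answers) simulates why a mismatched domain produces the symptom in the question: the browser discards the session cookie, so the POST starts a new session whose token differs from the one in the form. Function names and token values are constructed for illustration, and the domain match is simplified from RFC 6265.

```javascript
// Added illustration; function names and token values are constructed.

// RFC 6265 section 5.1.3 domain-match, simplified (no IP-address or
// public-suffix handling): identical, or host ends with "." + domain.
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, '');
  return h === d || h.endsWith('.' + d);
}

// A browser stores a cookie only if its Domain attribute is absent
// (host-only cookie) or domain-matches the host that sent it.
function browserStores(requestHost, domainAttr) {
  return domainAttr === null || domainMatches(requestHost, domainAttr);
}

// Simulate GET /auth/login followed by POST /auth/login against a server
// that keeps one CSRF token per session.
function simulateLogin(requestHost, sessionDomain) {
  const sessions = new Map();            // session id -> CSRF token
  let nextId = 1;
  const startSession = () => {
    const id = 'sess' + nextId++;
    sessions.set(id, 'token-for-' + id); // constructed token value
    return id;
  };

  // GET: server creates a session, renders its token into the form,
  // and sends Set-Cookie with Domain=sessionDomain.
  const issued = startSession();
  const formToken = sessions.get(issued);
  const jar = browserStores(requestHost, sessionDomain) ? issued : null;

  // POST: without a stored cookie the server starts a fresh session,
  // so the session token no longer equals the one in the form.
  const sessionOnPost = jar !== null ? jar : startSession();
  const sessionToken = sessions.get(sessionOnPost);
  return { cookieStored: jar !== null, tokensMatch: formToken === sessionToken };
}

console.log(simulateLogin('localhost', 'yourdomainnamehere.co.uk')); // mismatch
console.log(simulateLogin('localhost', null));                       // match
```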



Answer 17:

Interestingly, I encountered a similar problem recently. I found there were two different tokens generated by my Laravel 5.1 app. I tackled the issue by generating a new application key [php artisan key:generate]!



Answer 18:

Go to the file called VerifyCsrfToken.php, located in the app/Http/Middleware/ folder,

and change the following:

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;

class VerifyCsrfToken extends BaseVerifier {

protected $except = [
    "*",   // put * here, as I did: every URI is excluded from CSRF verification
];

}



Answer 19:

<script>
function closedLogo() 
         {    
          $.ajax({
                  url: '{{route('core.closed-logo')}}',
                  type: 'post',
                  success: function (data) {
                      $('#return').html(data);
                  }
                 });
          }
</script>
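
Answer 1 mentions sending the token as a request header, and the snippet in answer 19 posts without one. The following added example (not code from any of the answers) builds $.ajax options that carry Laravel's X-CSRF-TOKEN header for same-origin requests only. It assumes the layout renders `<meta name="csrf-token" content="{{ csrf_token() }}">`; `readCsrfToken`, `withCsrfHeader` and the sample URLs are hypothetical.

```javascript
// Added illustration; helper names and sample values are constructed.

// Read the token that the layout renders into the csrf-token meta tag.
function readCsrfToken(doc) {
  const meta = doc.querySelector('meta[name="csrf-token"]');
  const token = meta ? meta.getAttribute('content') : null;
  if (!token) throw new Error('csrf-token meta tag missing or empty');
  return token;
}

// Return a copy of the $.ajax options with X-CSRF-TOKEN added, but only
// when the target is same-origin, so the token never leaves the site.
function withCsrfHeader(options, doc, pageUrl) {
  const target = new URL(options.url, pageUrl);
  if (target.origin !== new URL(pageUrl).origin) {
    return Object.assign({}, options);   // cross-origin: no token attached
  }
  const headers = Object.assign({}, options.headers, {
    'X-CSRF-TOKEN': readCsrfToken(doc),
  });
  return Object.assign({}, options, { headers });
}

// Constructed stand-in for `document`, so the block runs outside a browser.
const sampleDoc = {
  querySelector: () => ({ getAttribute: () => 'constructed-token' }),
};
console.log(withCsrfHeader({ url: '/closed-logo', type: 'post' },
                           sampleDoc, 'http://localhost/auth/login'));

// In the page itself:
// $.ajax(withCsrfHeader({ url: ..., type: 'post' }, document, location.href));
```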