Laravel 5.5 login and register page says:The page has expired due to inactivity.[TokenMismatchException]

Question

I just created a new project of laravel version 5.5 with the laravel installer.And run the command "php artisan make:auth".The views and controller are generated for the user authentication.And also run "php artisan migrate" to create tables needed in the database.When visiting the login page and register page,filling the form and submit.It shows "The page has expired due to inactivity. Please refresh and try again.".But refreshing the page does nothing help. Seen in the source code,where causes the exception:

if ($e instanceof ModelNotFoundException) {
        $e = new NotFoundHttpException($e->getMessage(), $e);
    } elseif ($e instanceof AuthorizationException) {
        $e = new AccessDeniedHttpException($e->getMessage());
    } elseif ($e instanceof TokenMismatchException) {
        $e = new HttpException(419, $e->getMessage());
    }

It seems "TokenMismatchException" causing this problem. When did this happen?And why?I just create this new project and did not do any other changes. Hope you got the points. I use php 7.1.9(laravel 5.5 requires php > 7.0.0).And serve the project in develop environment with:php artisan serve

Answer 1

I had the same problem on localhost:8000 (php artisan serve). Maybe it's coincidence, but try on "clean browser" , other than you used with previous development. For me it worked.

It seems that the problem is with cookies from development with previous Laravel versions, on the same url.

Answer 2

Make sure your User.php model exist in app folder and fields must be define in this model.

<?php

namespace App;

use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable
{
    use Notifiable;

    /**
     * The attributes that are mass assignable.
     *
     * @var array
     */
    protected $fillable = [
        'name', 'email', 'password',
    ];

    /**
     * The attributes that should be hidden for arrays.
     *
     * @var array
     */
    protected $hidden = [
        'password', 'remember_token',
    ];
}

Answer 3

i think you missed csrf token.

dont forget to use {!! csrf_field() !!}

Answer 4

I had this same issue. vagrant reload --provision worked for me

Answer 5

Add csrf token

       <input type="hidden" name="_token" value="{{ csrf_token() }}">

Answer 6

This issue is mainly caused because you don't have the csrf token in your form. During csrf token verification it fails, that's why you are getting this page. Laravel generally needs csrf token in all its forms. You can add a csrf token simply by adding this inside the form.

 {{ csrf_field() }}

Another method of doing this is you can exclude your route in the verifycsrftoken middleware.

Just add a protected field in the middleware with your route name.

protected $except=[
                    '1st route',
                    '2nd route',
                    .
                    .
                  ];

This should work.

Answer 7

In my case, I've got the same error message and then figured that I missed to add csrf_token

{{ csrf_field() }}

Or without form helper that will be,

<input type="hidden" name="_token" value="{{ csrf_token() }}">

If that doesn't work, then-

Refresh the browser cache and hopefully it will work, thanks.

Answer 8

It appears to be permission settings on either storage and/or bootstrap/cache.

I'm using a Cloudways server. I reset permissions on my server under Application Settings and it now works. On my local development server the equivalent was to set chmod 777 on storage.. I had used 755 previously and the error persisted.

Answer 9

if you created a new project localhost You need view config/session line : 166 if 'secure' => true , you need edit 'secure' => false, When you up the host or server, re-config => true sorry i know a little english , hope can help you

Answer 10

I had the same issue and it was because I was using virtualhost and I setup below variable to mydomain.com. in config/session.php file

'domain' => env('SESSION_DOMAIN', 'mydomain.com'),

When I changed it to null then it started working

'domain' => env('SESSION_DOMAIN', 'null'),

I don't know what is the reason behind it but it is working fine now.

Answer 11

try this one in your global handler app/Exceptions/Handler.php

public function render($request, Exception $e)
{
    if ($e instanceof \Illuminate\Session\TokenMismatchException) {

        return redirect('/login');

    }

    return parent::render($request, $e);
}

Answer 12

I would also keep csrf_token in a meta tag.

<meta name="csrf-token" content="{{ csrf_token() }}">

Answer 13

I was only testing post requests for my api and came across the same issue. I resolved it by adding my route to the Middleware VerifyCsrfToken's $except array i.e. go to app/Http/Middleware/VerifyCsrfToken and add

protected $except = [
        'your/route'
];

But if your requests are from some front-end platform or views, it's advisable to add {{ csrf_field() }} in the form that sends the request.

Answer 14

Add this code in your

app\Exceptions\Handler.php file

if ($exception instanceof \Illuminate\Session\TokenMismatchException) {
    // Perform operation on page expired
}

Answer 15

Sorry for Answering later I had same problem after searching on the internet found two solutions

1-Add

@csrf

or

 <input type="hidden" name="_token" value="{{ csrf_token() }}">

inside your form if missing

2:if you opened you login page for long time and didn't logged in. just refresh the browser or press ctrl+F5

Answer 16

Hi for the group paths that you want to apply to everyone, use this method, which is my 5.5 larval version. Use the star => go to app/Http/Middleware/VerifyCsrfToken and add

protected $except = [
    '/user/*'
];

This is also my user's path

Route::group(['prefix' => 'user', 'namespace' => 'User', 'as' => 'user.'] , function (){

Answer 17

Had this issue as well! Solved it by:

1. Clearing browser session storage and cookies.
2. Running php artisan cache:clear
3. Ensuring the storage/framework/sessions folder was empty, except for the .gitignore.
4. Restarting dev environment.