419 页面在 Laravel 中过期 即使在添加 CSRF 令牌之后

Question

I am working on a Laravel 8 Framework, I have added the application on the live Cpanel server and then it started showing below Error:

419 PAGE EXPIRED

I know generally missing CSRF token will be the main issue but in this, I have added the CSRF token, I am using LARAVEl blade syntax so adding LARAVEL blade form syntax the "Token" (CSRF) will get added directly.

 {{ Form::open( [ "url" => \URL::route("front.login.check"), "autocomplete"=>false,"id" => "login_form" ] ) }}

This will add the CSRF automatically, I have tried adding directly, But every POST request end up on the 419 PAGE EXPIRED page.

What do I have checked already?

• CSRF Token Is not missing in the Form
• I have checked middleware also but this request did not reach the middleware after form submit it will take to the 419 page
• Also try to php artisan cache:clear and dump-autoload command but the issue is still.
• Added 755 permission to storage , vendor and cache folder also.

Please help me on this What next should I need to check for solve this issue?

Answer 1

Laravel "419 Page Expired" Error Troubleshooting Steps

Apply/go through all steps up to "step 12" BEFORE testing your application for this error.

1. Increase your session expiration time (Ie 24 hours).
2. Make sure that the " session domain " is the same as the "app URL".
3. Ensure that the session cookies are sent back to the server for both "HTTP" & "HTTPS" browser connections .

.env file contents applying the above 3 steps.

Change myapp.local to your application domain.

APP_URL="http://myapp.local"
SESSION_LIFETIME=1440
SESSION_DOMAIN=myapp.local
SESSION_SECURE_COOKIE=false

4. Make sure you submit a CSRF token along with your ( PUT / POST / DELETE /etc.) HTTP requests.

• (Ie: Ensure that this request parameter is submitted along with your HTML form requests <input type="hidden" name="_token" value="{{ csrf_token() }}" /> ).
• If in case you make AJAX requests in your application, you may configure ALL AJAX requests to send the CSRF token at all times.
  • Add this " <meta> tag" inside the <head> tag of all your master VIEW templates/layouts. Ie: resources/views/layouts/app.blade.php and resources/views/layouts/guest.blade.php and resources/views/welcome.blade.php
    • <meta name="csrf-token" content="{{ csrf_token() }}">
  • Then, define the required HTTP request headers and recompile your app's static assets ( npm run dev ). resources/js/app.js

$.ajaxSetup({
    headers: {
        "X-CSRF-TOKEN": $('meta[name="csrf-token"]').attr("content"),
        "X-Requested-With": "XMLHttpRequest"
    }
});

5. Regenerate your application key automatically. (Ie: php artisan key:generate ).
6. Clear your application cache. (Ie: php artisan cache:clear ).
7. Confirm that the application caller has read & write permissions in the application's "sessions" & "cache" folder. (Ie: chmod -R 755 "storage/framework/sessions" && chmod -R 755 "bootstrap/cache" ).

Addendum 1:

8. If in case you have Laravel Sanctum installed and enabled, add your application domain among the whitelist of "sanctum stateful domains".

.env file contents

Change myapp.local to your application domain.

SANCTUM_STATEFUL_DOMAINS="myapp.local"

Addendum 2:

9. Ensure that your "session driver" isn't empty. The default value is "file" .

.env file contents

SESSION_DRIVER=file

Addendum 3:

10. Disable the browser cache . This may be beneficial during your development process.

11. Open your web browser, navigate to your application's home page, reload the current page, ignoring cached content. (Ie: On Windows : Shift + F5 or Ctrl + Shift + r and on Mac : ⌘ + Shift + r ).

12. TEST YOUR APP! Check if you still receive the error.

Addendum 4 (Optional):

Only perform the steps below if you reached step 12 and are still having the same error.

A. Clear ALL web browser cache & cookies . TEST YOUR APP!

B. Open an entirely different web browser and test again. If you've been using Google Chome / Safari all along, try testing using Firefox. TEST YOUR APP!

C. Restart your computer and test again. TEST YOUR APP!

Answer 2

1- php artisan route:clear

2- go to CSRF middleware and try to add "*" to your except array

Answer 3

When this happened to me it was because I forgot to add 'name' attribute to my input in the form