Laravel: error “The page has expired due to inactivity” (419 unknown status)

Question

I get the error The page has expired due to inactivity. Please refresh and try again. The page has expired due to inactivity. Please refresh and try again. on a Laravel 5.6.39. In Chrome "Network tab" says error login - 419 unknown status

As soon as I refresh the page, I immediately get the error. So I never see the login view anymore, then I'm stuck . Think to common users that have no experience and only try to refresh the page. If it doesn't work they leave your app.

I can reproduce the error following these steps:

• go to login view
• enter username and password and don't check "remember me" flag
• wait that session expires (for test purpose I set SESSION_LIFETIME to 1 minute)
• hit Login button and I get that error

I already read and tried the most common causes:

• @csrf is present in the login form (it's the default authentication by Laravel)
• the folder storage has 755 but tried also with 775 and 777
• tried to launch php artisan cache:clear php artisan config:clear php artisan route:clear php artisan view:clear php artisan config:cache php artisan key:generate
• I'm using the default SESSION_DRIVER=file but in production I also tried to replace it with SESSION_DRIVER=cookie with SESSION_DOMAIN=https://app.my-domain.com/

Here you'll find my code (controllers, view, routes, .env, ...) : https://gist.github.com/dangelion/aa7fc54ea75f7b2d6062fc79f07e04e8

I really have no more idea to solve this. Some helps? Thanks

Answer 1

When we update our application, a browser may still use old files. If you don't clear your cache, Old files can access problems when you apply.

after add @csrf in form Clear the browser cache and now hope this might work

Answer 2

Well, I have faced the same issue, and to what I know so far, this is a session related problem. what worked for me is (after trying so many different solutions) :

SESSION_DRIVER=cookie with SESSION_DOMAIN=null that's all

after I spent almost hours trying to figure out the solution.

NB: this issue has a variety of solutions depends on your particular case/settings. so my solution here one of them.

Answer 3

It looks like that you have cache issues. Try following steps in the order I am writing them;

1. Make sure @csrf is present right after the form tag starts in your form like so:

 <form method="POST" action="/profile"> @csrf 

2. Run following commands:

   • php artisan view:clear
   • php artisan route:clear
   • php artisan cache:clear
   • php artisan config:clear
   • composer dump-autoload

3. Check the app now in an incognito browser window.

If it works, hurray.

Now you might think that its not valid as you cant ask users of your app to access the app in incognito window. Well, here is how standard web app process works:

• we usually have three servers
  1. Dev
  2. Staging
  3. Production

and we develope and get all these errors on dev server, only after we resolve all this, we push it to staging server, then we test there. Only after all is resolved on staging, then we push final code to production server.

Hence user using app on production server dont need to do anything.

If you are doing all this on ONE server, you might consider doing it properly to avoid situations like this. makes sense?

I hope it helps.