Post request in Laravel - Error - 419 Sorry, your session/ 419 your page has expired

php laravel csrf
Thủ Thuật Máy Tính picture Thủ Thuật Máy Tính · Oct 1, 2018 · Viewed 166.9k times · Source

I installed Laravel 5.7

Added a form to the file \resources\views\welcome.blade.php

<form method="POST" action="/foo" >
    @csrf
    <input type="text" name="name"/><br/>
    <input type="submit" value="Add"/>
</form>

Added to file \routes\web.php

Route::post('/foo', function () {
    echo 1;
    return;
});

After sending a POST request:

419 Sorry, your session has expired. Please refresh and try again.

In version 5.6 there was no such a problem.

Answer

Shobi picture Shobi · Nov 11, 2018

Before reading below make sure you have @csrf or {{ csrf_field() }} in your form like

<form method="post">
@csrf <!-- {{ csrf_field() }} -->
... rest of form ...
</form>

The Session Expired or 419 Page Expired error message in larvel comes up because somewhere your csrf token verification fails which means the App\Http\Middleware\VerifyCsrfToken::class middleware is already turned on. In the form the @csrf blade directive is already added, which should be fine as well.

Then the other area to check is the session. The csrf token verification is directly involved with your session, So you might want to check whether your session driver is working or not, such as an incorrectly configured Redis might cause an issue.

Maybe you can try switching your session driver/software from your .env file, the supported drivers are given below

Supported Session drivers in Laravel 5, Laravel 6 and Laravel 7 (Doc Link)

  • file - sessions are stored in storage/framework/sessions.
  • cookie - sessions are stored in secure, encrypted cookies.
  • database - sessions are stored in a relational database.
  • memcached / redis - sessions are stored in one of these fast, cache based stores.
  • array - sessions are stored in a PHP array and will not be persisted.

If your form works after switching the session driver, then something wrong is with that particular driver, try to fix the error from there.

Possible error-prone scenarios

  • Probably file-based sessions might not work because of the permission issues with the /storage directory (a quick googling will fetch you the solution), also remember putting 777 for the directory is never the solution.

  • In the case of the database driver, your DB connection might be wrong, or the sessions table might not exist or wrongly configured (the wrong configuration part was confirmed to be an issue as per the comment by @Junaid Qadir).

  • redis/memcached configuration is wrong or is being manipulated by some other piece of code in the system at the same time.

It might be a good idea to execute php artisan key:generate and generate a new app key which will, in turn, flush the session data.

Clear Browser Cache HARD, I found chrome and firefox being a culprit more than I can remember.

Read more about why application keys are important

Related questions

"The page has expired due to inactivity" - Laravel 5.5

My register page is showing the form properly with CsrfToken ({{ csrf_field() }}) present in the form). Form HTML <form class="form-horizontal registration-form" novalidate method="POST" action="{{ route('register') }}"> {{ csrf_field() }} .... </form> I am using inbuilt authentication …

Read More
Laravel 5 CSRF global token hidden field for all forms in a page

I recently migrated to Laravel 5, and now CSRF check is on every post submission. I thought about removing it but I want to follow the best practices, so I'll keep it that way. On the other hand, I'm problems submitting …

Read More
Laravel 5: Handle exceptions when request wants JSON

I'm doing file uploads via AJAX on Laravel 5. I've got pretty much everything working except one thing. When I try to upload a file that is too big (Bigger than upload_max_filesize and post_max_size I get a …

Read More