My register page is showing the form properly with CsrfToken ({{ csrf_field() }}) present in the form).
Form HTML
<form class="form-horizontal registration-form" novalidate method="POST" action="{{ route('register') }}">
{{ csrf_field() }}
....
</form>
I am using inbuilt authentication for the users. Have not changed anything except the routes and redirects.
When I submit the form (just after reloading also), it gives that The page has expired due to inactivity. Please refresh and try again. error.
My be I am missing a very small thing. But not sure what it is. Any help?
Update
Found the issue. The session driver was set to array. Changed it to file and the error is gone now. But what is wrong if I use array?
If you're coming to this answer directly from a search, make sure you have already added the csrf token to your form with {{ csrf_field() }} like the OP.
If you have your session driver set to file:
May have something to do with the storage_path not being writable. This is where it stores session data regarding tokens if you're using file based sessions. The can be verified with is_writable(config('session.files'))
For the OP, the session driver was set to array. Array is for testing only. Since data is not persisted, it will not be able to compare the token on the next request.
The array driver is used during testing and prevents the data stored in the session from being persisted.
https://laravel.com/docs/5.5/session#configuration
Check config/session.php
Lastly, an issue I just had, we had a project which has the session domain and secure settings in config/session.php but the development site was not using HTTPS (SSL/TLS). This caused this generic error since sessions.secure was set to true by default.
I ran into the same issue in Laravel 5.5. In my case, it happened after changing a route from GET to POST. The issue was because I forgot to pass a CSRF token when I switched to POST.
You can either post a CSRF token in your form by calling:
{{ csrf_field() }}
Or exclude your route in app/Http/Middleware/VerifyCsrfToken.php
protected $except = [
'your/route'
];
Try all of them.
composer dump-autoload
php artisan optimize
php artisan cache:clear
php artisan config:clear
php artisan route:clear
php artisan view:clear
This caused because of Illuminate\Session\TokenMismatchException
look at this code sample how to handle it properly:
My case was solved with SESSION_DOMAIN, in my local machine had to be set to xxx.localhost. It was causing conflicts with the production SESSION_DOMAIN, xxx.com that was set directly in the session.php config file.
Some information is stored in the cookie which is related to previous versions of laravel in development. So it's conflicting with csrf generated tokens which are generated by another's versions. Just Clear the cookie and give a try.
For those who still has problem and nothing helped. Pay attention on php.ini mbstring.func_overload parameter. It has to be set to 0. And mbstring.internal_encoding set to UTF-8. In my case that was a problem.
In my case, the site was fine in server but not in local. Then I remember I was working on secure website.
So in file config.session.php, set the variable secure to false
'secure' => env('SESSION_SECURE_COOKIE', false),
I change permission to storage and error was gone. It seemed lack of permission was the issue.
sudo chmod -R 775 storage/
I had the app with multiple subdomains and session cookie was the problem between those. Clearing the cookies resolved my problem.
Also, try setting the SESSION_DOMAIN in .env file. Use the exact subdomain you are browsing.
Be sure to have the correct system time on your web server. In my case, the vagrant machine was in the future (Jan 26 14:08:26 UTC 2226) so of course the time in my browser's session cookie had expired some 200+ years ago.
set mbstring.func_overload = 2
it helped me
I have figured out two solution to avoid these error 1)by adding protected $except = ['/yourroute'] possible disable csrf token inspection from defined root. 2)just comment \App\Http\Middleware\VerifyCsrfToken::class line in protected middleware group in kernel
I had the same problem but the problem is not in the framework but in the browser. I don't know why but google chrome blocks cookies automatically, in my case. After allowed cookies the problem was resolved.
Short answer
Add the route entry for register in app/Http/Middleware/VerifyCsrfToken.php
protected $except = [
'/routeTo/register'
];
and clear the cache and the cache route with the commands:
php artisan cache:clear && php artisan route:clear
Details
Every time you access a Laravel site, a token is generated, even if the session has not been started. Then, in each request, this token (stored in the cookies) will be validated against its expiration time, set in the SESSION_LIFETIME field on config/session.php file.
If you keep the site open for more than the expiration time and try to make a request, this token will be evaluated and the expiration error will return. So, to skip this validation on forms that are outside the functions of authenticated users (such as register or login) you can add the except route in app/Http/Middleware/VerifyCsrfToken.php.
You Must have file type FileName.blade.php in laravelFileName.erb.rb in Ruby and Rails
and append any one
{{ csrf_token() }}<input type="hidden" name="_token" value="{{ csrf_token() }}" ><meta name="csrf-token" content="{{ csrf_token() }}">
来源:https://stackoverflow.com/questions/46141705/the-page-has-expired-due-to-inactivity-laravel-5-5