Framework: [5.3] "TokenMismatchException in VerifyCsrfToken.php" in Laravel's auth form

I just created a fresh installation of Laravel. Can't replicate the issue you mentioned.

@srmklive That is possible. On my second computer with different OS and Vagrant installation Laravel's fresh installation works fine. Neverthelss, I've talked with other people on IRC and the issue is real.

I found out that technically everything is okay. The issue remains but the code seems fine. In vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php I placed dd($request) before throw new TokenMismatchException;. The _token value matches _token input that is in form. So... What is going on?

Please ask on the forums. I think it's more likely to be an issue specific to you.

@GrahamCampbell In my opinion it is NOT only specific to me. I can install and use Laravel's 5.2 auth component properly. With 5.3 I get this strange Csrf exception. Also - how this can be specific to me if it's _fresh_ installation and other people have similar issues to me?

I can confirm that the same thing happened to me as well last night using a new installation of Laravel 5.3.1, although I don't use Homestead.

I figured that out but I still consider this issue as a Laravel problem. Small change in framework's code and everything works fine.
https://laracasts.com/discuss/channels/laravel/53-tokenmismatchexception-in-laravels-auth-form

I struggled with the same issue. Version 5.3.4. I develop on Win 7. The issue is present both on my local env. and on my Digital Ocean server. Ubuntu 16.04 with PHP 7.0

@GrahamCampbell
It is a framework issue and should be addressed. Pls.

@MountainDev

1. maybe you could create a pull request. Anyway, thank you so much - your solution saved a lot of time for me.
2. Your hotfix is not always working. Sometimes I need to run php artisan cache:clear to login.

Glad to help @UnrulyNatives. Sure, I can create a pull request.

@GrahamCampbell can You look at this issue again? As You can see, it IS a framework problem but only in specific environment. As far as I know, framework should run without problems on every development machine/os/whatever.

So, if @GrahamCampbell is too busy, maybe @taylorotwell can help and figure out this issue?

@taylorotwell @GrahamCampbell any update regarding this one?

I has same issue.Can anyone fix this issues ? @taylorotwell

@taylorotwell same issue affecting my applications.

I can confirm the same issue happened to me twice, while installing a fresh 5.3 application. I added the fix mentioned by @MountainDev, and it worked. I have a generated a PR for this for inclusion in the framework.

Confirmed just now the issue is real.
I just installed a fresh installation of 5.3 its annoying hahahaha

Can someone reopen this ?

I used Mozilla Browser and it worked, still experiencing the problem in Chrome.

Just tried Mozilla same issue.
this is so annoying hahahaha

Why is this closed??

I don't know with them. its clearly an annoying issue.
the guys have a fix on this but its temporary only.
it involves touching a single line of code in the FileSystem file of Laravel WHICH WE SHOULD NOT BE DOING.

@MountainDev your fix didn't work for me.

@joelezeu
Something that worked for me was clearing my session and using the database driver.

guys? still no fix to the bug?

This bug still exists. I pulled two projects today and this TokenMismatch is still there! Can somebody please look into this seriously istead of ignoring this fail.
Put your egos aside and properly test this and fix it please. Thank you! How many confirmations do you guys need?

@GrahamCampbell @taylorotwell

Again, no bug can be confirmed. Here is a literal video recording of me doing it:

http://d.pr/i/13k0P

Well even it that is true, which i assume is. Explain why so many people (like hundrets) have this issue then? Stating 'its not a bug' because you coincidently can not reproduce it while other people can is really not helping.

I was having this issue this morning, but our app uses spark and we just upgraded to lv5.3 and spark2.0 - Once I updated the version of interceptors.js that our app was using to match the spark version, it resolved it for us. I noticed that without this, the app was in a loop trying to refresh our session tokens. Not sure if that helps anyone else out. I had first tried the file lock update that someone mentioned earlier with no luck, and also tried changing our session drivers without it fixing the bug either. Oddly enough, this only seems to effect our homestead environments, as our staging and production environments don't have this issue at all.

@digitalhuman Calm down. Everything will be OK. All I'm saying is that it works on a fresh Laravel application, so there is some inconsistency between your application and a fresh Laravel application that is causing the problem.

Have you looked into the Vue interceptor issue that @zmsaunders mentions? If you are using vue-resource >= 1.x the interceptor in the bootstrap.js file in Laravel should look like this:

Vue.http.interceptors.push((request, next) => {
    request.headers.set('X-CSRF-TOKEN', Laravel.csrfToken);

    next();
});

I am calm, that is not the point here :) I tried database sessions, file sessions and redis sessions. All create the same error on my fresh Laravel clone.

Well I remember the same kinda think happening in 5.1. I don't use Vue. What I see that is happening is;

After posting the form; In the constructing of the VerifyCsrfToken class the session CSRF is already different from the the 'input' version. Any idea why?

Do you have JavaScript entirely disabled?

Nope, since I had the same issue over and over again I just stopped configuring it in more detail. What I did:

composer create-project --prefer-dist laravel/laravel blog
(Since the above creates and sets the key in .env i did not have to run (php artisan key:generate)

php artisan session:table
php artisan make:auth
php artisan migrate

php artisan serve

Load http://localhost:8000
Checked my database for session; its there and valid. Checked the view, there is a crsf token as meta tag and same value in the form. So that works.

I press 'POST", and I always get this "TokenMismatchException in VerifyCsrfToken.php line 67:" error.

So; what I just did; Removed the vendor folder. Completely; then: composer install.
Load the form, post it: TokenMismatchException in VerifyCsrfToken.php line 67

I see my session in the 'cookies', developer console and database. They match and are valid.

@digitalhuman I've had the excat some problem some time ago while migrating from a a single server setup to a loadbalancing setup with 2 servers running under it.
And i figured out that for some reason the database driver where not using the same row again, it was always creating a new one.

Not sure about what's going on tho, but we managed to make it work by forcing remember me functionallity to be true when a user logs in.

@digitalhuman followed those steps exactly and it works fine on my machine. There are also many Laravel 5.3 projects in production so I highly doubt that is some inherent problem with CSRF in Laravel 5.3.

Have you tried a different browser? A different computer?

Yeah its totally unclear what the error causes. Also because there can be multiple reasons why this occurs. Like one of the issues could be the think @MountainDev is stating here:

https://laracasts.com/discuss/channels/laravel/53-tokenmismatchexception-in-laravels-auth-form

The other thing could be indeed Sessions are not written or stored at all. Server side caching could also interfere. I remember having similar issues in 5.0.

I just managed to solve my issue though. Really painfull to disclose it but ok. Here we go;

1) Default cookie encryption was disabled (I really wounder why but that is another discussion @GrahamCampbell @taylorotwell ). So I enabled it.
2) My .env file had a different domainname in it. Obviously then it gets ........!#$#@!!$$#@
Solution: Make sure APP_URL matched the url of your dev environment. In my case: http://localhost, in some cased: http://localhost.dev etc etc etc

Good luck. Maybe we could combine the solutions?

/hides in the corner

What do you mean by default cookie encryption was disabled? You disabled it?

@taylorotwell Nope it was default disabled. I enabled it.

https://snag.gy/7r3GCp.jpg

guys I just tested it on XAMPP Environment.
fresh installation of 5.3 is running okay..

the bug is occurring on my Laragon Environment.
I'll try to update my Laragon and clear some cache and cookies.
to see if it works.

@oitsem099 I guess you now know the checks you need to do right?

1) Check if a session is generated, stored and valid
2) Check for correct directory and file permissions
3) Check for correct APP_URL in .env
4) Debug with unencrypted cookies/sessions could also help.
5) Check session domain equals APP_URL domain

lol all I did was delete the current project.
cleared my cache and cookies.
installed a fresh 5.3 and restarted my Laragon Environment.
now its working..that's really weird.
I still have the same settings like before.

A quick follow up to this issue....
I'm using, Vagrant and VirtualBox on macOS Sierra and Chrome.
Using the Laravel 5.3 install guide, and a fresh install the Auth - Register / Logon work fine.
Why I was searching the google's for the "VerifyCsrfToken.php" error because previously. I had set up a Vagrant, VirtualBox virtual machine and 'copied' my website files into the virtual machine using a file sync method, one by one, but sometimes whole folders.

I believe the problem is with encoding. I found that a lot of files were just broken. Extra characters, weird line wraps etc.

Like, @taylorotwell said in a reply to @digitalhuman
@digitalhuman followed those steps exactly and it works fine on my machine. There are also many Laravel 5.3 projects in production so I highly doubt that is some inherent problem with CSRF in Laravel 5.3.

Fresh installs work, because they're installed or created on one single machine, but a few of us have altered the files by moving, copying etc...

I don't have a fix, but it does work if someone else wants to try some of the deep core files... I open a file that is causing me trouble ... copy the text into a plan text editor in UTF-8, delete the file, and then make a new file, copy/paste it back ... save. It works.

just my 2 cents.

@milkandteamedia Yeah I gues those steps are kinda it. If we need to add more then please let me know. I will edit that post. I guess that is the fix.
I had the same issue because I copied my .env file from another project. Changed the key and DB user but forgot to change the APP_URL :) then everything gets $@##RF%^@#

@digitalhuman In addition to moving/copying files from my local OS into a vagrant / VirtualBox sync folder they were once merged from GitHub ...
Again I don't have a fix or solution I just wanted to add my experience to this thread.
Copying and Pasting fresh text into fresh files is a mind numbing procedure, I started over with a fresh install and everything is working...

For reference, I just had this issue and after adding APP_URL to my .env the error was gone

I temporarily had this issue as well. It seems to occur when APP_URL and SESSION_DOMAIN are not inline with one another.

It also occurred when my _Session Cookie Name_ (config/session.php) had a dot (e.g. jason.pureconcepts.net).

@jasonmccreary : Same behaviour here, once the APP_URL & SESSION_DOMAIN are the same, the tokenmismatch exception disappeared

Tip: If you use the file driver for sessions check that storage folder it's writable and the web server user has access to read-write. TokenMismatchException is thrown if the CSRF token is not found in session (which is stored on storage/framework/sessions folder).

In my case, after the APP_URL & SESSION_DOMAIN are the same (added manually), the tokenmismatch exception just appeared sometimes. Another problem comes, logout function not working.
After click logout it will redirect to root, but the session still in there. So after click Login, will redirected to home, not to login form.

@goesredy Did you validate if an actual session is really created in either a DB or Redis or File? Sounds like some IO issue to me.

@digitalhuman Yap, got it, sorry. Issues on mine. But still need to set SESSION_DOMAIN to make it worked.

This is not a bug. Just clear localhost cookies on your browser every time you need to switch to other laravel projects.

I encountered same problem but I was able to resolve it by ensuring the following keys in .env are correct

  APP_URL=http://mylocalsite.dev
  SESSION_DOMAIN=mylocalsite.dev

@digitlimit Exactly. Good point. Added 'session' part to the list above.

same problem here. why closed this issue.
i tried all default installation. but still showing "TokenMismatchException in VerifyCsrfToken.php line 68:"

Okey suddenly I got this error too. But only in one route. I'm trieing to solve this about 3 days. I googled everything and tried what others wrote but nothing works. Laravel creates a new session everytime I load the page and the datas I stored in session are lost. Any suggestion?

Did you checked all options that I put in that post?

Get Outlook for iOShttps://aka.ms/o0ukef

On Mon, Nov 28, 2016 at 10:04 PM +0100, "Timot Tarjani" <[email protected]notifications@github.com> wrote:

Okey suddenly I got this error too. But only in one route. I'm trieing to solve this about 3 days. I googled everything and tried what others wrote but nothing works. Laravel creates a new session everytime I load the page and the datas I stored in session are lost. Any suggestion? Unfortunately it makes my app unusable after weeks of working and I can't finish the projects to my clients ... :(

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHubhttps://github.com/laravel/framework/issues/15040#issuecomment-263393717, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AAvqMLGltdmSZYoiX9LbjRbNK1KmKXp2ks5rC0HzgaJpZM4Js_eC.

Permissions are OK. Encrypt enabled. app_url and session_domain are the same. Session is generated. But the session token and the token that the form sends not the same.

@ttimot24 What is your Environment like? Are you using Shared hosting, dev'ing locally? Are you using Vagrant or Virtual Box? I'm on the side that, moving files from local desktop environments to github and back etc might be the issue.

@ttimot24 Yeah that is exactly what I expect it to do. I really would like to know what your environment is like and where you develop on. Did you try settings session to 'file' and see if the form works after that?
Another option is to check if that /url/ is begin cached or not. I had some unexpected behaviour with that as well.

I found the problem, there was a Session:flush() in one of my middleware. Thanks for the help! :)

I found the solution by giving permission on the storage folder.

switched to db session management as described here:
http://stackoverflow.com/questions/30338518/persisting-sessions-across-subdomains-in-laravel-5/39741256#39741256

I suppose in my case the issue was related to file permissions.

Hello everyone,

I am trying to figure this issue out aswell, but I am experiencing some troubles...
So far I have tried:

• The .env APP_URL and SESSION_DOMAIN (once exactly the same name "http://dev.project", once APP_URL "http://dev.project" and SESSION_DOMAIN "dev.project").

• I have tried the thing where <!-- CSRF Token --> <meta name="csrf-token" content="{{ csrf_token() }}"> is only in the app.blade.php and nowhere else, then when it's only in the files with a form...

• File permissions are given to storage dir, SESSION_DRIVER is set to 'file'.

• Copy my files to a complete new setup...

• Emptied my cache, deleted sessions and then logged back in

Login and register forms work without any problems. It's just my custom form (which only can be accessed when logged in) which won't work (with and without csrf token).
TokenMismatchException in VerifyCsrfToken.php line 68:

How can I check the other points about the session? I am still very new to Laravel 5.3, so I am sorry if I don't know how to check the session values.

My workstation:
I am working on a Mac OS Sierra 10.12.2 with PHPStorm and Laravel 5.3, VueJS and Bulma (no Bootstrap). My local server works with MAMP.

Hey happy new year everyone.
have got same problem too
Its funny that i cant see any
permissions, encryption property,
SESSION_DOMAIN in .env file

i use laravel 5.3.22 with xampp

i dont know my. env file is different or what?

@Natluder i have solved mine.. ........
sometimes when we code we make silly mistakes........Go to your html form that is either the sign up or register form in the form tag add {{csrf_field()}} in it

i pray this helps you

@Zedonboy Happy new Year to you too!

As I said before, register and login work. I am using this form of linking my CSRF token anyway, so I already have this. But I also tried it the other way with a hard coded CSRF token in a hidden input.

@Natluder are you using scalfolded auth in laravel for your login and Registration?. .....
if not i would love to see your code

honestly most of the time such errors comes from the form itself.. ....... for me

@Zedonboy I have used php artisan make:auth as always...

My custom form for creating a project looks like this:

<form role="form" method="POST" action="http://dev.project/create" class="control is-horizontal">
{{ csrf_field() }}
<div class="addmenu">
<div class="control is-horizontal">
<div class="control-label">
<label class="label">Name</label>
</div>
<div class="control is-fullwidth">
<input id="name" type="text" name="name" required="required" autofocus="autofocus" class="input">
</div>
</div>
<div class="control is-horizontal">
<div class="control-label">
<label class="label">Description</label>
</div>
<div class="control is-fullwidth">
<textarea id="description" name="description" rows="4" class="textarea"></textarea>
</div>
</div>
</div>
<div class="control is-horizontal btn-pull-right">
<button type="submit" class="button is-primary">
<span class="icon"><i class="fa fa-plus-square"></i></span>
<span>Create</span>
</button>
</div>
</div>
</form>

Usually I copy & paste forms from project to project (the base tags). So I don't really get why this should be wrong while all others work...

The web.php Route is as follows:
Route::post('/add', 'ProjectController@create');

And the Controller function ProjectController create:

public function create(Request $request) { if ($request->input('name') !== null && $request->input('description') !== null) { $event = new Event(); $event->name = $request->input('name'); $event->description = $request->input('description'); $user = Auth::user(); if($user) $event->user_id = $user->id; $event->save(); } return self::index(); }

well have printed your request in json format and _token is the same.
everything seems ok in my machine .

What sort of bug is this?

@Natluder remove the X-CSRF-TOKEN at the hearder

coz am trying to read the code of VerifyCsrfToken. php@handle function....
check whether your app match to 4 conditions...............#NOTHING WAS EASY EVEN PROGRAMMING

@Natluder from what am analyzing here.....VerifyCsrfToken@tokenmatch function, $sessionToken and $token.. ......may not be equal

Logically i suggest do something to the $sessionToken by.....maybe flush your sessions, cache , refresh your browser.. .....to initialize the $sessionToken.. ..

@Zedonboy, It's getting weirder... I flush my session now at logout (via "/logout" route). I cleared my cache via php artisan cache:clear.
Now when I login, go to a different page I directly get logged out again. I think something is completely wrong here, but I do not get what it is. Also I created three times a new project, php artisan make:auth, copied parts of my project (very basics like welcome.blade.php and style.css) and it's the same...

@Natluder this is really a fluke not a bug
for the fact you have tried in many fresh project...... i guess its from you.. .. Aiit lets try unconventional means

1. try changing your form action to just "create" dont put any http//dev.project
2. try the using the most simplest form no css just
   {{csrf_token()}} .......to check the bug
   3.disable the CSRFTOKEN middleware for the meantime

try each step before proceeding to the next

Sometimes getting same error. Tried changing the session driver to database, but didn't help. So, finally, is there any fix?

Possible solution: (WORKED FOR ME)

• Check if exist the folder sessions in storage/framework;
• If exist, just run rm -rf storage/framework/sessions/* && php artisan cache:clear;
• If it does not exist, just run mkdir storage/framework/sessions in root of project;

Ok, for me, changing the session driver to database in config almost fixed the problem, sometimes the error appears again, but it happens only after refreshing a page and editing the source; then, you just need to clean the browser's cache

Check your .env file for APP_URL and SESSION_DOMAIN; these two needs to match exactly.

I donot like this error.

Why you guys wont fix it before release

I have this problem also . when I want to test project in new computer this error happened and I must to delete all browser sessions to fix the problem

Mine is happen only when i check remember me when login.

I hope it can be fixed
*But currently using sqlite

I also have this issue but only in Chrome. Both in Ubuntu 14 and Windows 10. PHP7.

Just a little interesting fact: This error stopped occurring once I stopped using Vagrant and switched to Docker. :)

I have no idea how to fix this. I've done everything on this thread, I've done fresh installations of Laravel. And it's not resolving.

Any other ideas?

hey guys, check the Session domain in your .env or config files. It should be same with the host name when you access it in your brower.

There's no session domain in the env file by default. There's an app domain and mine is set correctly.

I fixed this error by add SESSION_DOMAIN= somedomain in my .env file

Didn't work.

is there a
'domain' => env('SESSION_DOMAIN'),

In your config session file?

Yes. And it matches.

Didn't work for me either :/

On Sun, Feb 12, 2017 at 9:06 AM, Jeremy Aufderheide <
[email protected]> wrote:

Yes. And it matches.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/laravel/framework/issues/15040#issuecomment-279232211,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AFMEiVpm6dVj6TImrk2az7c-JCWeDDHnks5rbzwOgaJpZM4Js_eC
.

Those having problems. Are you making calls over AJAX? If so, have you ensured that you're passing the XSRF-TOKEN header? If not, your application is probably generating a new one every request causing this error. We also noticed this as we had a broken Interceptor on vue-resource.

https://laravel.com/docs/5.3/csrf#csrf-x-csrf-token

If you are using AJAX add this command:
$.ajax({
headers : {
'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
}
});
Working in resources controller...

Hope it Helps!

That fixed it for me, thanks!

Actually might have spoken a little to soon. Seems to resurface after
browsing a bit.

On Tue, Feb 21, 2017 at 6:53 PM, Cristian Fundanera <
[email protected]> wrote:

If you are using AJAX add this command:
$.ajax({
headers : {
'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
}
});
Working in resources controller...

Hope it Helps!

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/laravel/framework/issues/15040#issuecomment-281553210,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AFMEiRzfUIsLnyE6YqnrqpDMSCR8gpH-ks5re6MSgaJpZM4Js_eC
.

I installed laravel auth module with :

php artisan session:table
php artisan make:auth
php artisan migrate

I was facing same issue with laravel 5.4 .. and then following command works for me :)

chmod 777 storage/framework/sessions/

before this it was

chmod 775 storage/framework/sessions/

Happy coding

@MountainDev I just type this: php artisan serve --host=localhost... and it works

Coincidentally, I did the opposite and it worked.

I stopped typing php artisan serve --host=localhost and instead just
did php artisan serve and let it serve on 127.0.0.1:8000 and then it
started working in Chrome.

On Tue, Feb 28, 2017 at 11:43 AM, Carlos Ballestas <[email protected]

wrote:

@MountainDev https://github.com/MountainDev I just type this: php
artisan serve --host=localhost... and it works

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/laravel/framework/issues/15040#issuecomment-283141865,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AFMEiTbfQN5QwLjvw8PRn59PsdJHRDj6ks5rhHjzgaJpZM4Js_eC
.

@ivan-grozni Thanks bro, it works.

silly but make sure _token input in html must not set to disabled in any way.
strange but disabled="false" worked for me 👍

everything is working with php artisan serve but when i added domain it was giving me verifyToken error ... after some tinkering i ran chmod 777 storage/framework/sessions/ and it worked just fine.
However a better way to do that according to my settings

sudo chown -R www-data:www-data project-folder/
sudo chmod 775 -R bootstrap project-folder/public
sudo usermod -a -G www-data myusername //so that you can edit files with sublime and other tools
sudo chmod -R ug+rwx storage project-folder/bootstrap/cache

Do not edit your Laravel files. It is usually the last thing with the problem. It is most likely a permission issue. If developing on Linux this happens because, www-data is being denied permission to write to storage directory. To fix this, just run

cd /pathtorootdirectory
$ sudo chown -R www-data:www-data storage

Was trying to resolve it for past 2 hours.
Then I realized what time is it... Daylight saving time began, here, in Serbia, 2 hours ago.
It is working now and, although I did reboot my laptop it works on my dev server also (without reboot). Very strange, but I'm 99% sure that it has something to do with it (CSRF token creation time)...

@jasonmccreary Thanks, I had same problem. Problem was with incorrect values in APP_URL and SESSION_DOMAIN. Because of this session was starting after every request and there was no token in old session.

Just to see how many people solved this annoying error just by reading this 'Issue' is just great! Maybe its not the right place since it is a configuration error and not really a bug but still. People think this is an issue or a bug so, the first start look here I guess.

In my case the issue was related to file permissions (storage folder).

Had torn my hair out because of this problem until I set both APP_URL and SESSION_DOMAIN, AND restarted the apache server.
So
APP_URL=http://localhost
SESSION_DOMAIN=localhost
and now its working

If it still doesn't work, try changing the cookie name in config/session.php and of course change encrypt to true

EDIT: So some parts still didn't work. More digging later I noticed empty space at the start of my layout.blade.php and fixed that to make everything work :)
And make sure you have
<meta name="csrf-token" content="{{ csrf_token() }}">
And artisan cache:clear and clear cookies and restart server.

The whole day is wasted to solve my token mismatch, I tried everything, still no luck. I'm so annoyed and sad.

@ttimot24 i know that feeling man. That was my frustration as well. Did you try everything we pointed out here? All steps? Do you still have the issue? It's like ..... months ago? Or is this a new project?

Make sure you check; database, session and filestore. Validate your .env with the application config in the way that they don't overwrite eachother. Else; drop a note.

@digitalhuman It's the same project, but a different issue. I have multiple login for users and for admins. The admin area login works fine, but the website login not. I realised that if I go to my website and try to login, then comes the exception. If I refresh a several times, it starts working. Then if I close the browser and reopen, it won't work until a several try again. It not even reach the Auth:attemp() so it's not a redirect issue. I have reg pages, profile update pages and some other forms, everything works except this login.
Tried with different browsers (iexplorer, firefox,chrome, avastwebbrowser), and tried with other computers too. I'm pointless.

in /config/session.php you have a setting 'session_close' or something. What value does it have?

I'm looking for a life line here as I've spent more hours than I wish to mention on googling and reading threads on this issue and trying every possible solution with no luck. I've literally tried every step in this thread along with several others, multiple times, yet I still get this error.

I set homestead on a new laptop and on my desktop and then pulled a current project from git, migrated and seeded the database. But, when I try to login to admin area of the app, I get the error: TokenMismatchException in VerifyCsrfToken.php line 53.

I'm not sure what else to try here, I get the exact same error on both my desktop and laptop, any other suggestions?

@thatguy76

I'm not sure what else to try here, I get the exact same error on both my desktop and laptop, any other suggestions?

Try this:
In my case the issue was related to file permissions (storage folder).

@allok
Nothing here to try. Thanks.

Had same issue, using docker. It is really problem with permissions in my case. Solution is adding one line to php-fpm related Dockerfile: RUN usermod -u 1000 www-data

Hi! try this! (laravel 5.4)
file session.php

'expire_on_close' => true

good luck!

@ellisio

Just a little interesting fact: This error stopped occurring once I stopped using Vagrant and switched to Docker. :)

Interestingly, when I run my test directly on my local machine, everything works like a charm... :smiley:. However, if I run my test through docker, I get a failure Expected status code 200 but received 419. :cry:

Using $this->withoutMiddleware(); in the latter case solves the problem (test are passing) although I can't figure out why... :confused:

@ellisio I finally figured out what the problem was with Expected status code 200 but received 419 when running tests via docker. Specifically, my test parameters (incl test databases names, etc) existed on a .env.testing file but I was mistekenly using the paameters defined on .env file. By correcting this everything runs smoothly :sunglasses:

Maybe this article can help someone.

you all need to extend class AccessTokenController

class AccessTokenController extends PassportAccessTokenController

  public function issueToken(ServerRequestInterface $request)
    {
        try {
            return $this->convertResponse(
                $this->server->respondToAccessTokenRequest($request, new Psr7Response)
            );
        } catch (OAuthServerException $exception) {
           // your custom logic

            return $this->withErrorHandling(function () use($exception) {
                throw $exception;
            });
        }
    }

HAPPY CODING

Try it it will solve your problem, It is because of http and https conflict.
Goto "session.php" file change this: 'secure' => env('SESSION_SECURE_COOKIE', false), to this: 'secure' => true,

@malickateeq you can add SESSION_SECURE_COOKIE=true in your .env file instead of changing config file.