Can you create a simple Laravel application that doesn't work for you and upload it to GitHub?

appears to be broken on v5.7.9 but v5.7.3 works perfectly

And can you confirm exactly what version stops working? i..e does v5.7.4 work or not etc?

CsrfCausing419.zip

^ There is the barebones code for the project demonstrating the issue. When you submit the form on the homepage, it returns a 419 error. This happens regardless of whether using ajax submission like in the project (still providing the _token value) or submitting the form the old fashioned way.

The form works for me. Can you reproduce the issue in Homestead?

BTW: Your sample app uses Laravel 5.7.8 (not 5.7.9).

Heh, I swore it said 5.7.9 when I ran php artisan --version. Anyhow, I have tested in Homestead which works fine. It's just on my ubuntu server with nginx that does not work. Perhaps it's related to the server software or configuration?

What about the versions between 5.7.3 and 5.7.9?

Is there a faster way to check each version than by running laravel new appname --5.7.x and copying all the modified files to the newly created Laravel app? Perhaps a like a laravel upgrade -5.7.x or something similar?

Set a specific version of the laravel/framework package in your composer.json file and run composer update.

Thank you, that was much less painless than I had first anticipated. I started using Laravel earlier this year and I haven't yet had a reason to use composer, which is very nice.

Additionally, I've now run apt-get update on my server, and the problem persists.

I tested 5.7.4 and it began giving me the 419 error on my webserver. I will continue to test the additional versions as time permits, though they probably will all give the 419 if the bug was introduced in 5.7.4 - I guess we'll see soon enough.

5.7.5, 5.7.6, 5.7.7, and 5.7.8 confirmed also throw the 419.

@Xerotherm1c Just test your source code and it works fine for me.

Ok not cool, it's no longer working on 5.7.3 for me, including the sites that were working before. I think the apt-get update may have borked it entirely for me.

My current packages:

accountsservice/bionic,now 0.6.45-1ubuntu1 amd64 [installed]
acl/bionic,now 2.2.52-3build1 amd64 [installed]
acpid/bionic,now 1:2.0.28-1ubuntu1 amd64 [installed]
adduser/bionic,now 3.116ubuntu1 all [installed]
amd64-microcode/bionic-updates,now 3.20180524.1~ubuntu0.18.04.2 amd64 [installed,automatic]
apparmor/bionic-updates,bionic-security,now 2.12-4ubuntu5.1 amd64 [installed]
apport/bionic-updates,now 2.20.9-0ubuntu7.4 all [installed]
apport-symptoms/bionic,now 0.20 all [installed]
apt/bionic-updates,bionic-security,now 1.6.3ubuntu0.1 amd64 [installed]
apt-transport-https/bionic-updates,bionic-security,now 1.6.3ubuntu0.1 all [installed]
apt-utils/bionic-updates,bionic-security,now 1.6.3ubuntu0.1 amd64 [installed]
at/bionic,now 3.1.20-3.1ubuntu2 amd64 [installed]
base-files/bionic-updates,now 10.1ubuntu2.3 amd64 [installed]
base-passwd/bionic,now 3.5.44 amd64 [installed]
bash/bionic,now 4.4.18-2ubuntu1 amd64 [installed]
bash-completion/bionic,now 1:2.8-1ubuntu1 all [installed]
bc/bionic,now 1.07.1-2 amd64 [installed]
bcache-tools/bionic,now 1.0.8-2build1 amd64 [installed]
bind9/bionic-updates,bionic-security,now 1:9.11.3+dfsg-1ubuntu1.2 amd64 [installed]
bind9-host/bionic-updates,bionic-security,now 1:9.11.3+dfsg-1ubuntu1.2 amd64 [installed]
bind9utils/bionic-updates,bionic-security,now 1:9.11.3+dfsg-1ubuntu1.2 amd64 [installed,automatic]
bsdmainutils/bionic,now 11.1.2ubuntu1 amd64 [installed]
bsdutils/bionic-updates,now 1:2.31.1-0.4ubuntu3.1 amd64 [installed]
btrfs-progs/bionic,now 4.15.1-1build1 amd64 [installed]
btrfs-tools/bionic,now 4.15.1-1build1 amd64 [installed]
busybox-initramfs/bionic,now 1:1.27.2-2ubuntu3 amd64 [installed]
busybox-static/bionic,now 1:1.27.2-2ubuntu3 amd64 [installed]
byobu/bionic,now 5.125-0ubuntu1 all [installed]
bzip2/bionic,now 1.0.6-8.1 amd64 [installed]
ca-certificates/bionic,now 20180409 all [installed]
command-not-found/bionic-updates,now 18.04.5 all [installed]
command-not-found-data/bionic-updates,now 18.04.5 amd64 [installed]
composer/bionic,now 1.6.3-1 all [installed]
console-setup/bionic-updates,now 1.178ubuntu2.7 all [installed]
console-setup-linux/bionic-updates,now 1.178ubuntu2.7 all [installed]
coreutils/bionic,now 8.28-1ubuntu1 amd64 [installed]
cpio/bionic,now 2.12+dfsg-6 amd64 [installed]
crda/bionic,now 3.18-1build1 amd64 [installed,automatic]
cron/bionic,now 3.0pl1-128.1ubuntu1 amd64 [installed]
cryptsetup/bionic-updates,now 2:2.0.2-1ubuntu1.1 amd64 [installed]
cryptsetup-bin/bionic-updates,now 2:2.0.2-1ubuntu1.1 amd64 [installed]
curl/bionic-updates,bionic-security,now 7.58.0-2ubuntu3.3 amd64 [installed]
dash/bionic,now 0.5.8-2.10 amd64 [installed]
dbus/bionic,now 1.12.2-1ubuntu1 amd64 [installed]
debconf/bionic,now 1.5.66 all [installed]
debconf-i18n/bionic,now 1.5.66 all [installed]
debianutils/bionic,now 4.8.4 amd64 [installed]
diffutils/bionic,now 1:3.6-1 amd64 [installed]
dirmngr/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.1 amd64 [installed]
distro-info-data/bionic-updates,bionic-security,now 0.37ubuntu0.1 all [installed]
dmeventd/bionic,now 2:1.02.145-4.1ubuntu3 amd64 [installed]
dmidecode/bionic,now 3.1-1 amd64 [installed]
dmsetup/bionic,now 2:1.02.145-4.1ubuntu3 amd64 [installed]
dns-root-data/bionic,now 2018013001 all [installed]
dnsmasq-base/bionic,now 2.79-1 amd64 [installed]
dnsutils/bionic-updates,bionic-security,now 1:9.11.3+dfsg-1ubuntu1.2 amd64 [installed]
dosfstools/bionic,now 4.1-1 amd64 [installed]
dpkg/bionic,now 1.19.0.5ubuntu2 amd64 [installed]
e2fsprogs/bionic,now 1.44.1-1 amd64 [installed]
eatmydata/bionic,now 105-6 all [installed]
ebtables/bionic-updates,now 2.0.10.4-3.5ubuntu2.18.04.3 amd64 [installed]
ed/bionic,now 1.10-2.1 amd64 [installed]
efibootmgr/bionic,now 15-1 amd64 [installed]
efivar/bionic,now 34-1 amd64 [installed]
eject/bionic,now 2.1.5+deb1+cvs20081104-13.2 amd64 [installed]
ethtool/bionic,now 1:4.15-0ubuntu1 amd64 [installed]
fdisk/bionic-updates,now 2.31.1-0.4ubuntu3.1 amd64 [installed]
file/bionic-updates,bionic-security,now 1:5.32-2ubuntu0.1 amd64 [installed]
findutils/bionic,now 4.6.0+git+20170828-2 amd64 [installed]
fontconfig-config/bionic,now 2.12.6-0ubuntu2 all [installed,automatic]
fonts-dejavu-core/bionic,now 2.37-1 all [installed,automatic]
fonts-ubuntu-console/bionic,now 0.83-2 all [installed]
friendly-recovery/bionic,now 0.2.38 all [installed]
ftp/bionic,now 0.17-34 amd64 [installed]
fuse/bionic,now 2.9.7-1ubuntu1 amd64 [installed]
galera-3/bionic,now 25.3.20-1 amd64 [installed,automatic]
gawk/bionic,now 1:4.1.4+dfsg-1build1 amd64 [installed]
gcc-8-base/bionic-updates,now 8.2.0-1ubuntu2~18.04 amd64 [installed]
gdisk/bionic,now 1.0.3-1 amd64 [installed]
geoip-database/bionic,now 20180315-1 all [installed]
gettext-base/bionic,now 0.19.8.1-6 amd64 [installed]
gir1.2-glib-2.0/bionic,now 1.56.1-1 amd64 [installed]
git/bionic-updates,bionic-security,now 1:2.17.1-1ubuntu0.3 amd64 [installed]
git-man/bionic-updates,bionic-security,now 1:2.17.1-1ubuntu0.3 all [installed]
gnupg/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.1 amd64 [installed]
gnupg-l10n/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.1 all [installed]
gnupg-utils/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.1 amd64 [installed]
gpg/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.1 amd64 [installed]
gpg-agent/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.1 amd64 [installed]
gpg-wks-client/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.1 amd64 [installed]
gpg-wks-server/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.1 amd64 [installed]
gpgconf/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.1 amd64 [installed]
gpgsm/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.1 amd64 [installed]
gpgv/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.1 amd64 [installed]
grep/bionic,now 3.1-2 amd64 [installed]
groff-base/bionic,now 1.22.3-10 amd64 [installed]
grub-common/bionic-updates,now 2.02-2ubuntu8.6 amd64 [installed,automatic]
grub-efi/bionic-updates,now 2.02-2ubuntu8.6 amd64 [installed]
grub-efi-amd64/bionic-updates,now 2.02-2ubuntu8.6 amd64 [installed]
grub-efi-amd64-bin/bionic-updates,now 2.02-2ubuntu8.6 amd64 [installed]
grub-efi-amd64-signed/bionic-updates,now 1.93.7+2.02-2ubuntu8.6 amd64 [installed]
grub2-common/bionic-updates,now 2.02-2ubuntu8.6 amd64 [installed,automatic]
gzip/bionic,now 1.6-5ubuntu1 amd64 [installed]
hdparm/bionic,now 9.54+ds-1 amd64 [installed]
hostname/bionic,now 3.20 amd64 [installed]
htop/bionic,now 2.1.0-3 amd64 [installed]
info/bionic,now 6.5.0.dfsg.1-2 amd64 [installed]
init/bionic,now 1.51 amd64 [installed]
init-system-helpers/bionic,now 1.51 all [installed]
initramfs-tools/bionic-updates,now 0.130ubuntu3.5 all [installed]
initramfs-tools-bin/bionic-updates,now 0.130ubuntu3.5 amd64 [installed]
initramfs-tools-core/bionic-updates,now 0.130ubuntu3.5 all [installed]
install-info/bionic,now 6.5.0.dfsg.1-2 amd64 [installed]
intel-microcode/bionic-updates,bionic-security,now 3.20180807a.0ubuntu0.18.04.1 amd64 [installed,automatic]
iproute2/bionic,now 4.15.0-2ubuntu1 amd64 [installed]
iptables/bionic,now 1.6.1-2ubuntu2 amd64 [installed]
iputils-ping/bionic,now 3:20161105-1ubuntu2 amd64 [installed]
iputils-tracepath/bionic,now 3:20161105-1ubuntu2 amd64 [installed]
irqbalance/bionic,now 1.3.0-0.1 amd64 [installed]
isc-dhcp-client/bionic,now 4.3.5-3ubuntu7 amd64 [installed]
isc-dhcp-common/bionic,now 4.3.5-3ubuntu7 amd64 [installed]
iso-codes/bionic,now 3.79-1 all [installed]
iucode-tool/bionic,now 2.3.1-1 amd64 [installed,automatic]
iw/bionic,now 4.14-0.1 amd64 [installed,automatic]
jsonlint/bionic,now 1.7.1-1 all [installed,automatic]
kbd/bionic,now 2.0.4-2ubuntu1 amd64 [installed]
keyboard-configuration/bionic-updates,now 1.178ubuntu2.7 all [installed]
klibc-utils/bionic,now 2.0.4-9ubuntu2 amd64 [installed]
kmod/bionic,now 24-1ubuntu3 amd64 [installed]
krb5-locales/bionic,now 1.16-2build1 all [installed]
landscape-common/bionic-updates,now 18.01-0ubuntu3.1 amd64 [installed]
language-selector-common/bionic-updates,now 0.188.1 all [installed]
less/bionic,now 487-0.1 amd64 [installed]
libaccountsservice0/bionic,now 0.6.45-1ubuntu1 amd64 [installed]
libacl1/bionic,now 2.2.52-3build1 amd64 [installed]
libaio1/bionic,now 0.3.110-5 amd64 [installed,automatic]
libapparmor1/bionic-updates,bionic-security,now 2.12-4ubuntu5.1 amd64 [installed]
libapt-inst2.0/bionic-updates,bionic-security,now 1.6.3ubuntu0.1 amd64 [installed]
libapt-pkg5.0/bionic-updates,bionic-security,now 1.6.3ubuntu0.1 amd64 [installed]
libargon2-0/bionic,now 0~20161029-1.1 amd64 [installed]
libasn1-8-heimdal/bionic,now 7.5.0+dfsg-1 amd64 [installed]
libassuan0/bionic,now 2.5.1-2 amd64 [installed]
libatm1/bionic,now 1:2.5.1-2build1 amd64 [installed]
libattr1/bionic,now 1:2.4.47-2build1 amd64 [installed]
libaudit-common/bionic,now 1:2.8.2-1ubuntu1 all [installed]
libaudit1/bionic,now 1:2.8.2-1ubuntu1 amd64 [installed]
libbind9-160/bionic-updates,bionic-security,now 1:9.11.3+dfsg-1ubuntu1.2 amd64 [installed]
libblkid1/bionic-updates,now 2.31.1-0.4ubuntu3.1 amd64 [installed]
libbsd0/bionic,now 0.8.7-1 amd64 [installed]
libbz2-1.0/bionic,now 1.0.6-8.1 amd64 [installed]
libc-bin/bionic,now 2.27-3ubuntu1 amd64 [installed]
libc6/bionic,now 2.27-3ubuntu1 amd64 [installed]
libcap-ng0/bionic,now 0.7.7-3.1 amd64 [installed]
libcap2/bionic,now 1:2.25-1.2 amd64 [installed]
libcap2-bin/bionic,now 1:2.25-1.2 amd64 [installed]
libcgi-fast-perl/bionic,now 1:2.13-1 all [installed,automatic]
libcgi-pm-perl/bionic,now 4.38-1 all [installed,automatic]
libcom-err2/bionic,now 1.44.1-1 amd64 [installed]
libconfig-inifiles-perl/bionic,now 2.94-1 all [installed,automatic]
libcryptsetup12/bionic-updates,now 2:2.0.2-1ubuntu1.1 amd64 [installed]
libcurl3-gnutls/bionic-updates,bionic-security,now 7.58.0-2ubuntu3.3 amd64 [installed]
libcurl4/bionic-updates,bionic-security,now 7.58.0-2ubuntu3.3 amd64 [installed]
libdb5.3/bionic,now 5.3.28-13.1ubuntu1 amd64 [installed]
libdbd-mysql-perl/bionic,now 4.046-1 amd64 [installed,automatic]
libdbi-perl/bionic,now 1.640-1 amd64 [installed,automatic]
libdbus-1-3/bionic,now 1.12.2-1ubuntu1 amd64 [installed]
libdebconfclient0/bionic,now 0.213ubuntu1 amd64 [installed]
libdevmapper-event1.02.1/bionic,now 2:1.02.145-4.1ubuntu3 amd64 [installed]
libdevmapper1.02.1/bionic,now 2:1.02.145-4.1ubuntu3 amd64 [installed]
libdns-export1100/bionic-updates,bionic-security,now 1:9.11.3+dfsg-1ubuntu1.2 amd64 [installed]
libdns1100/bionic-updates,bionic-security,now 1:9.11.3+dfsg-1ubuntu1.2 amd64 [installed]
libdrm-common/bionic,now 2.4.91-2 all [installed]
libdrm2/bionic,now 2.4.91-2 amd64 [installed]
libdumbnet1/bionic,now 1.12-7build1 amd64 [installed]
libeatmydata1/bionic,now 105-6 amd64 [installed]
libedit2/bionic,now 3.1-20170329-1 amd64 [installed]
libefiboot1/bionic,now 34-1 amd64 [installed]
libefivar1/bionic,now 34-1 amd64 [installed]
libelf1/bionic,now 0.170-0.4 amd64 [installed]
libencode-locale-perl/bionic,now 1.05-1 all [installed,automatic]
liberror-perl/bionic,now 0.17025-1 all [installed]
libestr0/bionic,now 0.1.10-2.1 amd64 [installed]
libevent-2.1-6/bionic,now 2.1.8-stable-4build1 amd64 [installed]
libexpat1/bionic,now 2.2.5-3 amd64 [installed]
libext2fs2/bionic,now 1.44.1-1 amd64 [installed]
libfastjson4/bionic,now 0.99.8-2 amd64 [installed]
libfcgi-perl/bionic,now 0.78-2build1 amd64 [installed,automatic]
libfdisk1/bionic-updates,now 2.31.1-0.4ubuntu3.1 amd64 [installed]
libffi6/bionic,now 3.2.1-8 amd64 [installed]
libfontconfig1/bionic,now 2.12.6-0ubuntu2 amd64 [installed,automatic]
libfreetype6/bionic,now 2.8.1-2ubuntu2 amd64 [installed,automatic]
libfribidi0/bionic,now 0.19.7-2 amd64 [installed]
libfuse2/bionic,now 2.9.7-1ubuntu1 amd64 [installed]
libgcc1/bionic-updates,now 1:8.2.0-1ubuntu2~18.04 amd64 [installed]
libgcrypt20/bionic-updates,bionic-security,now 1.8.1-4ubuntu1.1 amd64 [installed]
libgd3/bionic,now 2.2.5-4+ubuntu18.04.1+deb.sury.org+2 amd64 [installed,automatic]
libgdbm-compat4/bionic,now 1.14.1-6 amd64 [installed]
libgdbm5/bionic,now 1.14.1-6 amd64 [installed]
libgeoip1/bionic,now 1.6.12-1 amd64 [installed]
libgirepository-1.0-1/bionic,now 1.56.1-1 amd64 [installed]
libglib2.0-0/bionic-updates,bionic-security,now 2.56.2-0ubuntu0.18.04.2 amd64 [installed]
libglib2.0-data/bionic-updates,bionic-security,now 2.56.2-0ubuntu0.18.04.2 all [installed]
libgmp10/bionic,now 2:6.1.2+dfsg-2 amd64 [installed]
libgnutls30/bionic,now 3.5.18-1ubuntu1 amd64 [installed]
libgpg-error0/bionic,now 1.27-6 amd64 [installed]
libgpm2/bionic,now 1.20.7-5 amd64 [installed]
libgssapi-krb5-2/bionic,now 1.16-2build1 amd64 [installed]
libgssapi3-heimdal/bionic,now 7.5.0+dfsg-1 amd64 [installed]
libhcrypto4-heimdal/bionic,now 7.5.0+dfsg-1 amd64 [installed]
libheimbase1-heimdal/bionic,now 7.5.0+dfsg-1 amd64 [installed]
libheimntlm0-heimdal/bionic,now 7.5.0+dfsg-1 amd64 [installed]
libhogweed4/bionic,now 3.4-1 amd64 [installed]
libhtml-parser-perl/bionic,now 3.72-3build1 amd64 [installed,automatic]
libhtml-tagset-perl/bionic,now 3.20-3 all [installed,automatic]
libhtml-template-perl/bionic,now 2.97-1 all [installed,automatic]
libhttp-date-perl/bionic,now 6.02-1 all [installed,automatic]
libhttp-message-perl/bionic,now 6.14-1 all [installed,automatic]
libhx509-5-heimdal/bionic,now 7.5.0+dfsg-1 amd64 [installed]
libicu60/bionic,now 60.2-3ubuntu3 amd64 [installed]
libidn11/bionic,now 1.33-2.1ubuntu1 amd64 [installed]
libidn2-0/bionic,now 2.0.4-1.1build2 amd64 [installed]
libio-html-perl/bionic,now 1.001-1 all [installed,automatic]
libip4tc0/bionic,now 1.6.1-2ubuntu2 amd64 [installed]
libip6tc0/bionic,now 1.6.1-2ubuntu2 amd64 [installed]
libiptc0/bionic,now 1.6.1-2ubuntu2 amd64 [installed]
libirs160/bionic-updates,bionic-security,now 1:9.11.3+dfsg-1ubuntu1.2 amd64 [installed]
libisc-export169/bionic-updates,bionic-security,now 1:9.11.3+dfsg-1ubuntu1.2 amd64 [installed]
libisc169/bionic-updates,bionic-security,now 1:9.11.3+dfsg-1ubuntu1.2 amd64 [installed]
libisccc160/bionic-updates,bionic-security,now 1:9.11.3+dfsg-1ubuntu1.2 amd64 [installed]
libisccfg160/bionic-updates,bionic-security,now 1:9.11.3+dfsg-1ubuntu1.2 amd64 [installed]
libisns0/bionic,now 0.97-2build1 amd64 [installed]
libjbig0/bionic,now 2.1-3.1build1 amd64 [installed,automatic]
libjemalloc1/bionic,now 3.6.0-11 amd64 [installed,automatic]
libjpeg-turbo8/bionic-updates,bionic-security,now 1.5.2-0ubuntu5.18.04.1 amd64 [installed,automatic]
libjpeg8/bionic,now 8c-2ubuntu8 amd64 [installed,automatic]
libjson-c3/bionic,now 0.12.1-1.3 amd64 [installed]
libk5crypto3/bionic,now 1.16-2build1 amd64 [installed]
libkeyutils1/bionic,now 1.5.9-9.2ubuntu2 amd64 [installed]
libklibc/bionic,now 2.0.4-9ubuntu2 amd64 [installed]
libkmod2/bionic,now 24-1ubuntu3 amd64 [installed]
libkrb5-26-heimdal/bionic,now 7.5.0+dfsg-1 amd64 [installed]
libkrb5-3/bionic,now 1.16-2build1 amd64 [installed]
libkrb5support0/bionic,now 1.16-2build1 amd64 [installed]
libksba8/bionic,now 1.3.5-2 amd64 [installed]
libldap-2.4-2/bionic,now 2.4.45+dfsg-1ubuntu1 amd64 [installed]
libldap-common/bionic,now 2.4.45+dfsg-1ubuntu1 all [installed]
liblocale-gettext-perl/bionic,now 1.07-3build2 amd64 [installed]
liblvm2app2.2/bionic,now 2.02.176-4.1ubuntu3 amd64 [installed]
liblvm2cmd2.02/bionic,now 2.02.176-4.1ubuntu3 amd64 [installed]
liblwp-mediatypes-perl/bionic,now 6.02-1 all [installed,automatic]
liblwres160/bionic-updates,bionic-security,now 1:9.11.3+dfsg-1ubuntu1.2 amd64 [installed]
liblxc-common/bionic-updates,bionic-security,now 3.0.1-0ubuntu1~18.04.2 amd64 [installed]
liblxc1/bionic-updates,bionic-security,now 3.0.1-0ubuntu1~18.04.2 amd64 [installed]
liblz4-1/bionic,now 0.0~r131-2ubuntu3 amd64 [installed]
liblzma5/bionic,now 5.2.2-1.3 amd64 [installed]
liblzo2-2/bionic,now 2.08-1.2 amd64 [installed]
libmagic-mgc/bionic-updates,bionic-security,now 1:5.32-2ubuntu0.1 amd64 [installed]
libmagic1/bionic-updates,bionic-security,now 1:5.32-2ubuntu0.1 amd64 [installed]
libmcrypt4/bionic,now 2.5.8-3.3 amd64 [installed,automatic]
libmnl0/bionic,now 1.0.4-2 amd64 [installed]
libmount1/bionic-updates,now 2.31.1-0.4ubuntu3.1 amd64 [installed]
libmpdec2/bionic,now 2.4.2-1ubuntu1 amd64 [installed]
libmpfr6/bionic,now 4.0.1-1 amd64 [installed]
libmspack0/bionic-updates,bionic-security,now 0.6-3ubuntu0.1 amd64 [installed]
libmysqlclient20/bionic-updates,bionic-security,now 5.7.23-0ubuntu0.18.04.1 amd64 [installed,automatic]
libncurses5/bionic-updates,now 6.1-1ubuntu1.18.04 amd64 [installed]
libncursesw5/bionic-updates,now 6.1-1ubuntu1.18.04 amd64 [installed]
libnetfilter-conntrack3/bionic,now 1.0.6-2 amd64 [installed]
libnettle6/bionic,now 3.4-1 amd64 [installed]
libnewt0.52/bionic,now 0.52.20-1ubuntu1 amd64 [installed]
libnfnetlink0/bionic,now 1.0.1-3 amd64 [installed]
libnghttp2-14/bionic,now 1.30.0-1ubuntu1 amd64 [installed]
libnginx-mod-http-geoip/bionic-updates,now 1.14.0-0ubuntu1.1 amd64 [installed,automatic]
libnginx-mod-http-image-filter/bionic-updates,now 1.14.0-0ubuntu1.1 amd64 [installed,automatic]
libnginx-mod-http-xslt-filter/bionic-updates,now 1.14.0-0ubuntu1.1 amd64 [installed,automatic]
libnginx-mod-mail/bionic-updates,now 1.14.0-0ubuntu1.1 amd64 [installed,automatic]
libnginx-mod-stream/bionic-updates,now 1.14.0-0ubuntu1.1 amd64 [installed,automatic]
libnih1/bionic,now 1.0.3-6ubuntu2 amd64 [installed]
libnl-3-200/bionic,now 3.2.29-0ubuntu3 amd64 [installed,automatic]
libnl-genl-3-200/bionic,now 3.2.29-0ubuntu3 amd64 [installed,automatic]
libnpth0/bionic,now 1.5-3 amd64 [installed]
libnss-systemd/bionic-updates,now 237-3ubuntu10.3 amd64 [installed]
libntfs-3g88/bionic,now 1:2017.3.23-2 amd64 [installed]
libnuma1/bionic,now 2.0.11-2.1 amd64 [installed]
libp11-kit0/bionic,now 0.23.9-2 amd64 [installed]
libpam-cap/bionic,now 1:2.25-1.2 amd64 [installed]
libpam-modules/bionic,now 1.1.8-3.6ubuntu2 amd64 [installed]
libpam-modules-bin/bionic,now 1.1.8-3.6ubuntu2 amd64 [installed]
libpam-runtime/bionic,now 1.1.8-3.6ubuntu2 all [installed]
libpam-systemd/bionic-updates,now 237-3ubuntu10.3 amd64 [installed]
libpam0g/bionic,now 1.1.8-3.6ubuntu2 amd64 [installed]
libparted2/bionic,now 3.2-20 amd64 [installed]
libpcap0.8/bionic,now 1.8.1-6ubuntu1 amd64 [installed]
libpci3/bionic,now 1:3.5.2-1ubuntu1 amd64 [installed]
libpcre3/bionic,now 2:8.41-4+ubuntu18.04.1+deb.sury.org+1 amd64 [installed]
libperl5.26/bionic-updates,now 5.26.1-6ubuntu0.2 amd64 [installed]
libpipeline1/bionic,now 1.5.0-1 amd64 [installed]
libplymouth4/bionic-updates,now 0.9.3-1ubuntu7.18.04.1 amd64 [installed]
libpng16-16/bionic-updates,bionic-security,now 1.6.34-1ubuntu0.18.04.1 amd64 [installed]
libpolkit-agent-1-0/bionic-updates,bionic-security,now 0.105-20ubuntu0.18.04.1 amd64 [installed]
libpolkit-backend-1-0/bionic-updates,bionic-security,now 0.105-20ubuntu0.18.04.1 amd64 [installed]
libpolkit-gobject-1-0/bionic-updates,bionic-security,now 0.105-20ubuntu0.18.04.1 amd64 [installed]
libpopt0/bionic,now 1.16-11 amd64 [installed]
libprocps6/bionic-updates,bionic-security,now 2:3.3.12-3ubuntu1.1 amd64 [installed]
libpsl5/bionic,now 0.19.1-5build1 amd64 [installed]
libpython3-stdlib/bionic-updates,now 3.6.5-3ubuntu1 amd64 [installed]
libpython3.6/bionic-updates,now 3.6.6-1~18.04 amd64 [installed]
libpython3.6-minimal/bionic-updates,now 3.6.6-1~18.04 amd64 [installed]
libpython3.6-stdlib/bionic-updates,now 3.6.6-1~18.04 amd64 [installed]
libreadline5/bionic,now 5.2+dfsg-3build1 amd64 [installed]
libreadline7/bionic,now 7.0-3 amd64 [installed]
libroken18-heimdal/bionic,now 7.5.0+dfsg-1 amd64 [installed]
librtmp1/bionic,now 2.4+20151223.gitfa8646d.1-1 amd64 [installed]
libsasl2-2/bionic,now 2.1.27~101-g0780600+dfsg-3ubuntu2 amd64 [installed]
libsasl2-modules/bionic,now 2.1.27~101-g0780600+dfsg-3ubuntu2 amd64 [installed]
libsasl2-modules-db/bionic,now 2.1.27~101-g0780600+dfsg-3ubuntu2 amd64 [installed]
libseccomp2/bionic,now 2.3.1-2.1ubuntu4 amd64 [installed]
libselinux1/bionic,now 2.7-2build2 amd64 [installed]
libsemanage-common/bionic,now 2.7-2build2 all [installed]
libsemanage1/bionic,now 2.7-2build2 amd64 [installed]
libsepol1/bionic,now 2.7-1 amd64 [installed]
libsigsegv2/bionic,now 2.12-1 amd64 [installed]
libslang2/bionic,now 2.3.1a-3ubuntu1 amd64 [installed]
libsmartcols1/bionic-updates,now 2.31.1-0.4ubuntu3.1 amd64 [installed]
libsqlite3-0/bionic,now 3.22.0-1 amd64 [installed]
libss2/bionic,now 1.44.1-1 amd64 [installed]
libssl1.0.0/bionic-updates,bionic-security,now 1.0.2n-1ubuntu5.1 amd64 [installed]
libssl1.1/bionic,now 1.1.0h-2.0+ubuntu18.04.1+deb.sury.org+1 amd64 [installed]
libstdc++6/bionic-updates,now 8.2.0-1ubuntu2~18.04 amd64 [installed]
libsystemd0/bionic-updates,now 237-3ubuntu10.3 amd64 [installed]
libtasn1-6/bionic,now 4.13-2 amd64 [installed]
libterm-readkey-perl/bionic,now 2.37-1build1 amd64 [installed,automatic]
libtext-charwidth-perl/bionic,now 0.04-7.1 amd64 [installed]
libtext-iconv-perl/bionic,now 1.7-5build6 amd64 [installed]
libtext-wrapi18n-perl/bionic,now 0.06-7.1 all [installed]
libtiff5/bionic,now 4.0.9-5 amd64 [installed,automatic]
libtimedate-perl/bionic,now 2.3000-2 all [installed,automatic]
libtinfo5/bionic-updates,now 6.1-1ubuntu1.18.04 amd64 [installed]
libudev1/bionic-updates,now 237-3ubuntu10.3 amd64 [installed]
libunistring2/bionic,now 0.9.9-0ubuntu1 amd64 [installed]
libunwind8/bionic,now 1.2.1-8 amd64 [installed]
liburi-perl/bionic,now 1.73-1 all [installed,automatic]
libusb-1.0-0/bionic,now 2:1.0.21-2 amd64 [installed]
libutempter0/bionic,now 1.1.6-3 amd64 [installed]
libuuid1/bionic-updates,now 2.31.1-0.4ubuntu3.1 amd64 [installed]
libwebp6/bionic,now 0.6.1-2 amd64 [installed,automatic]
libwind0-heimdal/bionic,now 7.5.0+dfsg-1 amd64 [installed]
libwrap0/bionic,now 7.6.q-27 amd64 [installed]
libx11-6/bionic-updates,bionic-security,now 2:1.6.4-3ubuntu0.1 amd64 [installed]
libx11-data/bionic-updates,bionic-security,now 2:1.6.4-3ubuntu0.1 all [installed]
libxau6/bionic,now 1:1.0.8-1 amd64 [installed]
libxcb1/bionic,now 1.13-1 amd64 [installed]
libxdmcp6/bionic,now 1:1.1.2-3 amd64 [installed]
libxext6/bionic,now 2:1.3.3-1 amd64 [installed]
libxml2/bionic-updates,bionic-security,now 2.9.4+dfsg1-6.1ubuntu1.2 amd64 [installed]
libxmlrpc-epi0/bionic,now 0.54.2-1.2 amd64 [installed,automatic]
libxmlsec1/bionic,now 1.2.25-1build1 amd64 [installed]
libxmlsec1-openssl/bionic,now 1.2.25-1build1 amd64 [installed]
libxmuu1/bionic,now 2:1.1.2-2 amd64 [installed]
libxpm4/bionic,now 1:3.5.12-1 amd64 [installed,automatic]
libxslt1.1/bionic,now 1.1.29-5 amd64 [installed]
libxtables12/bionic,now 1.6.1-2ubuntu2 amd64 [installed]
libyaml-0-2/bionic,now 0.1.7-2ubuntu3 amd64 [installed]
libzip4/bionic,now 1.1.2-1.1 amd64 [installed,automatic]
libzstd1/bionic,now 1.3.3+dfsg-2ubuntu1 amd64 [installed]
linux-base/bionic,now 4.5ubuntu1 all [installed]
linux-firmware/bionic-updates,now 1.173.1 all [installed,automatic]
linux-image-4.15.0-29-generic/bionic-updates,bionic-security,now 4.15.0-29.31 amd64 [installed,automatic]
linux-image-4.15.0-34-generic/bionic-updates,bionic-security,now 4.15.0-34.37 amd64 [installed,automatic]
linux-image-4.15.0-36-generic/bionic-updates,bionic-security,now 4.15.0-36.39 amd64 [installed,automatic]
linux-image-generic/bionic-updates,bionic-security,now 4.15.0.36.38 amd64 [installed]
linux-modules-4.15.0-29-generic/bionic-updates,bionic-security,now 4.15.0-29.31 amd64 [installed,automatic]
linux-modules-4.15.0-34-generic/bionic-updates,bionic-security,now 4.15.0-34.37 amd64 [installed,automatic]
linux-modules-4.15.0-36-generic/bionic-updates,bionic-security,now 4.15.0-36.39 amd64 [installed,automatic]
linux-modules-extra-4.15.0-29-generic/bionic-updates,bionic-security,now 4.15.0-29.31 amd64 [installed,automatic]
linux-modules-extra-4.15.0-34-generic/bionic-updates,bionic-security,now 4.15.0-34.37 amd64 [installed,automatic]
linux-modules-extra-4.15.0-36-generic/bionic-updates,bionic-security,now 4.15.0-36.39 amd64 [installed,automatic]
locales/bionic,now 2.27-3ubuntu1 all [installed]
login/bionic,now 1:4.5-1ubuntu1 amd64 [installed]
logrotate/bionic,now 3.11.0-0.1ubuntu1 amd64 [installed]
lsb-base/bionic,now 9.20170808ubuntu1 all [installed]
lsb-release/bionic,now 9.20170808ubuntu1 all [installed]
lshw/bionic-updates,now 02.18-0.1ubuntu6.18.04.1 amd64 [installed]
lsof/bionic,now 4.89+dfsg-0.1 amd64 [installed]
ltrace/bionic,now 0.7.3-6ubuntu1 amd64 [installed]
lvm2/bionic,now 2.02.176-4.1ubuntu3 amd64 [installed]
lxcfs/bionic-updates,now 3.0.1-0ubuntu2~18.04.1 amd64 [installed]
lxd/bionic-updates,now 3.0.1-0ubuntu1~18.04.1 amd64 [installed]
lxd-client/bionic-updates,now 3.0.1-0ubuntu1~18.04.1 amd64 [installed]
man-db/bionic,now 2.8.3-2 amd64 [installed]
manpages/bionic,now 4.15-1 all [installed]
mariadb-client/bionic-updates,bionic-security,now 1:10.1.34-0ubuntu0.18.04.1 all [installed]
mariadb-client-10.1/bionic-updates,bionic-security,now 1:10.1.34-0ubuntu0.18.04.1 amd64 [installed,automatic]
mariadb-client-core-10.1/bionic-updates,bionic-security,now 1:10.1.34-0ubuntu0.18.04.1 amd64 [installed,automatic]
mariadb-common/bionic-updates,bionic-security,now 1:10.1.34-0ubuntu0.18.04.1 all [installed,automatic]
mariadb-server/bionic-updates,bionic-security,now 1:10.1.34-0ubuntu0.18.04.1 all [installed]
mariadb-server-10.1/bionic-updates,bionic-security,now 1:10.1.34-0ubuntu0.18.04.1 amd64 [installed,automatic]
mariadb-server-core-10.1/bionic-updates,bionic-security,now 1:10.1.34-0ubuntu0.18.04.1 amd64 [installed,automatic]
mawk/bionic,now 1.3.3-17ubuntu3 amd64 [installed]
mdadm/bionic-updates,now 4.1~rc1-3~ubuntu18.04.1 amd64 [installed]
mime-support/bionic,now 3.60ubuntu1 all [installed]
mlocate/bionic,now 0.26-2ubuntu3.1 amd64 [installed]
mokutil/bionic,now 0.3.0-0ubuntu5 amd64 [installed]
mount/bionic-updates,now 2.31.1-0.4ubuntu3.1 amd64 [installed]
mtr-tiny/bionic,now 0.92-1 amd64 [installed]
multiarch-support/bionic,now 2.27-3ubuntu1 amd64 [installed]
mysql-common/bionic,now 5.8+1.0.4 all [installed,automatic]
nano/bionic,now 2.9.3-2 amd64 [installed]
ncurses-base/bionic-updates,now 6.1-1ubuntu1.18.04 all [installed]
ncurses-bin/bionic-updates,now 6.1-1ubuntu1.18.04 amd64 [installed]
ncurses-term/bionic-updates,now 6.1-1ubuntu1.18.04 all [installed]
net-tools/bionic,now 1.60+git20161116.90da8a0-1ubuntu1 amd64 [installed]
netbase/bionic,now 5.4 all [installed]
netcat-openbsd/bionic-updates,now 1.187-1ubuntu0.1 amd64 [installed]
netplan.io/bionic-updates,now 0.36.3 amd64 [installed]
networkd-dispatcher/bionic-updates,now 1.7-0ubuntu3.2 all [installed]
nginx/bionic-updates,now 1.14.0-0ubuntu1.1 all [installed]
nginx-common/bionic-updates,now 1.14.0-0ubuntu1.1 all [installed,automatic]
nginx-core/bionic-updates,now 1.14.0-0ubuntu1.1 amd64 [installed,automatic]
nplan/bionic-updates,now 0.36.3 all [installed]
ntfs-3g/bionic,now 1:2017.3.23-2 amd64 [installed]
ntpdate/bionic-updates,bionic-security,now 1:4.2.8p10+dfsg-5ubuntu7.1 amd64 [installed]
open-iscsi/bionic-updates,now 2.0.874-5ubuntu2.3 amd64 [installed]
open-vm-tools/bionic-updates,now 2:10.3.0-0ubuntu1~18.04.2 amd64 [installed]
openssh-client/bionic,now 1:7.6p1-4 amd64 [installed]
openssh-server/bionic,now 1:7.6p1-4 amd64 [installed]
openssh-sftp-server/bionic,now 1:7.6p1-4 amd64 [installed]
openssl/bionic,now 1.1.0h-2.0+ubuntu18.04.1+deb.sury.org+1 amd64 [installed]
os-prober/bionic,now 1.74ubuntu1 amd64 [installed,automatic]
overlayroot/bionic-updates,now 0.40ubuntu1.1 all [installed]
parted/bionic,now 3.2-20 amd64 [installed]
passwd/bionic,now 1:4.5-1ubuntu1 amd64 [installed]
pastebinit/bionic,now 1.5-2 all [installed]
patch/bionic,now 2.7.6-2ubuntu1 amd64 [installed]
pciutils/bionic,now 1:3.5.2-1ubuntu1 amd64 [installed]
perl/bionic-updates,now 5.26.1-6ubuntu0.2 amd64 [installed]
perl-base/bionic-updates,now 5.26.1-6ubuntu0.2 amd64 [installed]
perl-modules-5.26/bionic-updates,now 5.26.1-6ubuntu0.2 all [installed]
php-cli-prompt/bionic,now 1.0.3+dfsg-1 all [installed,automatic]
php-common/bionic,now 1:62+ubuntu18.04.1+deb.sury.org+3 all [installed,automatic]
php-composer-ca-bundle/bionic,now 1.1.0-1 all [installed,automatic]
php-composer-semver/bionic,now 1.4.2-1 all [installed,automatic]
php-composer-spdx-licenses/bionic,now 1.3.0-1 all [installed,automatic]
php-json-schema/bionic,now 5.2.6-1 all [installed,automatic]
php-psr-log/bionic,now 1.0.2-1 all [installed,automatic]
php-symfony-console/bionic-updates,bionic-security,now 3.4.6+dfsg-1ubuntu0.1 all [installed,automatic]
php-symfony-debug/bionic-updates,bionic-security,now 3.4.6+dfsg-1ubuntu0.1 all [installed,automatic]
php-symfony-filesystem/bionic-updates,bionic-security,now 3.4.6+dfsg-1ubuntu0.1 all [installed,automatic]
php-symfony-finder/bionic-updates,bionic-security,now 3.4.6+dfsg-1ubuntu0.1 all [installed,automatic]
php-symfony-polyfill-mbstring/bionic,now 1.6.0-2 all [installed,automatic]
php-symfony-process/bionic-updates,bionic-security,now 3.4.6+dfsg-1ubuntu0.1 all [installed,automatic]
php7.1-cli/bionic,now 7.1.22-1+ubuntu18.04.1+deb.sury.org+1 amd64 [installed]
php7.1-common/bionic,now 7.1.22-1+ubuntu18.04.1+deb.sury.org+1 amd64 [installed]
php7.1-curl/bionic,now 7.1.22-1+ubuntu18.04.1+deb.sury.org+1 amd64 [installed]
php7.1-fpm/bionic,now 7.1.22-1+ubuntu18.04.1+deb.sury.org+1 amd64 [installed]
php7.1-gd/bionic,now 7.1.22-1+ubuntu18.04.1+deb.sury.org+1 amd64 [installed]
php7.1-intl/bionic,now 7.1.22-1+ubuntu18.04.1+deb.sury.org+1 amd64 [installed]
php7.1-json/bionic,now 7.1.22-1+ubuntu18.04.1+deb.sury.org+1 amd64 [installed,automatic]
php7.1-mbstring/bionic,now 7.1.22-1+ubuntu18.04.1+deb.sury.org+1 amd64 [installed]
php7.1-mcrypt/bionic,now 7.1.22-1+ubuntu18.04.1+deb.sury.org+1 amd64 [installed]
php7.1-mysql/bionic,now 7.1.22-1+ubuntu18.04.1+deb.sury.org+1 amd64 [installed]
php7.1-opcache/bionic,now 7.1.22-1+ubuntu18.04.1+deb.sury.org+1 amd64 [installed,automatic]
php7.1-readline/bionic,now 7.1.22-1+ubuntu18.04.1+deb.sury.org+1 amd64 [installed,automatic]
php7.1-soap/bionic,now 7.1.22-1+ubuntu18.04.1+deb.sury.org+1 amd64 [installed]
php7.1-xml/bionic,now 7.1.22-1+ubuntu18.04.1+deb.sury.org+1 amd64 [installed]
php7.1-xmlrpc/bionic,now 7.1.22-1+ubuntu18.04.1+deb.sury.org+1 amd64 [installed]
php7.1-zip/bionic,now 7.1.22-1+ubuntu18.04.1+deb.sury.org+1 amd64 [installed]
pinentry-curses/bionic,now 1.1.0-1 amd64 [installed]
plymouth/bionic-updates,now 0.9.3-1ubuntu7.18.04.1 amd64 [installed]
plymouth-theme-ubuntu-text/bionic-updates,now 0.9.3-1ubuntu7.18.04.1 amd64 [installed]
policykit-1/bionic-updates,bionic-security,now 0.105-20ubuntu0.18.04.1 amd64 [installed]
pollinate/bionic-updates,now 4.33-0ubuntu1~18.04.1 all [installed]
popularity-contest/bionic,now 1.66ubuntu1 all [installed]
powermgmt-base/bionic,now 1.33 all [installed]
procps/bionic-updates,bionic-security,now 2:3.3.12-3ubuntu1.1 amd64 [installed]
psmisc/bionic,now 23.1-1 amd64 [installed]
publicsuffix/bionic,now 20180223.1310-1 all [installed]
python-apt-common/bionic-updates,now 1.6.2 all [installed]
python3/bionic-updates,now 3.6.5-3ubuntu1 amd64 [installed]
python3-apport/bionic-updates,now 2.20.9-0ubuntu7.4 all [installed]
python3-apt/bionic-updates,now 1.6.2 amd64 [installed]
python3-asn1crypto/bionic,now 0.24.0-1 all [installed]
python3-attr/bionic,now 17.4.0-2 all [installed]
python3-automat/bionic,now 0.6.0-1 all [installed]
python3-blinker/bionic,now 1.4+dfsg1-0.1 all [installed]
python3-certifi/bionic,now 2018.1.18-2 all [installed]
python3-cffi-backend/bionic,now 1.11.5-1 amd64 [installed]
python3-chardet/bionic,now 3.0.4-1 all [installed]
python3-click/bionic,now 6.7-3 all [installed]
python3-colorama/bionic,now 0.3.7-1 all [installed]
python3-commandnotfound/bionic-updates,now 18.04.5 all [installed]
python3-configobj/bionic,now 5.0.6-2 all [installed]
python3-constantly/bionic,now 15.1.0-1 all [installed]
python3-cryptography/bionic-updates,bionic-security,now 2.1.4-1ubuntu1.2 amd64 [installed]
python3-dbus/bionic,now 1.2.6-1 amd64 [installed]
python3-debconf/bionic,now 1.5.66 all [installed]
python3-debian/bionic,now 0.1.32 all [installed]
python3-distro-info/bionic,now 0.18 all [installed]
python3-distupgrade/bionic-updates,now 1:18.04.26 all [installed]
python3-gdbm/bionic,now 3.6.5-3 amd64 [installed]
python3-gi/bionic,now 3.26.1-2 amd64 [installed]
python3-httplib2/bionic,now 0.9.2+dfsg-1 all [installed]
python3-hyperlink/bionic,now 17.3.1-2 all [installed]
python3-idna/bionic,now 2.6-1 all [installed]
python3-incremental/bionic,now 16.10.1-3 all [installed]
python3-jinja2/bionic,now 2.10-1 all [installed]
python3-json-pointer/bionic,now 1.10-1 all [installed]
python3-jsonpatch/bionic,now 1.19+really1.16-1fakesync1 all [installed]
python3-jsonschema/bionic,now 2.6.0-2 all [installed]
python3-jwt/bionic,now 1.5.3+ds1-1 all [installed]
python3-markupsafe/bionic,now 1.0-1build1 amd64 [installed]
python3-minimal/bionic-updates,now 3.6.5-3ubuntu1 amd64 [installed]
python3-newt/bionic,now 0.52.20-1ubuntu1 amd64 [installed]
python3-oauthlib/bionic,now 2.0.6-1 all [installed]
python3-openssl/bionic,now 17.5.0-1ubuntu1 all [installed]
python3-pam/bionic,now 0.4.2-13.2ubuntu4 amd64 [installed]
python3-pkg-resources/bionic,now 39.0.1-2 all [installed]
python3-ply/bionic,now 3.11-1 all [installed,automatic]
python3-problem-report/bionic-updates,now 2.20.9-0ubuntu7.4 all [installed]
python3-pyasn1/bionic,now 0.4.2-3 all [installed]
python3-pyasn1-modules/bionic,now 0.2.1-0.2 all [installed]
python3-requests/bionic,now 2.18.4-2 all [installed]
python3-requests-unixsocket/bionic,now 0.1.5-3 all [installed]
python3-serial/bionic,now 3.4-2 all [installed]
python3-service-identity/bionic,now 16.0.0-2 all [installed]
python3-six/bionic,now 1.11.0-2 all [installed]
python3-software-properties/bionic-updates,now 0.96.24.32.5 all [installed]
python3-systemd/bionic,now 234-1build1 amd64 [installed]
python3-twisted/bionic,now 17.9.0-2 all [installed]
python3-twisted-bin/bionic,now 17.9.0-2 amd64 [installed]
python3-update-manager/bionic-updates,now 1:18.04.11.5 all [installed]
python3-urllib3/bionic,now 1.22-1 all [installed]
python3-yaml/bionic,now 3.12-1build2 amd64 [installed]
python3-zope.interface/bionic,now 4.3.2-1build2 amd64 [installed]
python3.6/bionic-updates,now 3.6.6-1~18.04 amd64 [installed]
python3.6-minimal/bionic-updates,now 3.6.6-1~18.04 amd64 [installed]
readline-common/bionic,now 7.0-3 all [installed]
rsync/bionic,now 3.1.2-2.1ubuntu1 amd64 [installed]
rsyslog/bionic,now 8.32.0-1ubuntu4 amd64 [installed]
run-one/bionic,now 1.17-0ubuntu1 all [installed]
sbsigntool/bionic,now 0.6-3.2ubuntu2 amd64 [installed]
screen/bionic-updates,now 4.6.2-1ubuntu1 amd64 [installed]
secureboot-db/bionic,now 1.1 amd64 [installed]
sed/bionic,now 4.4-2 amd64 [installed]
sensible-utils/bionic,now 0.0.12 all [installed]
shared-mime-info/bionic,now 1.9-2 amd64 [installed]
shim/bionic-updates,now 15+1533136590.3beb971-0ubuntu1 amd64 [installed]
shim-signed/bionic-updates,now 1.37~18.04.2+15+1533136590.3beb971-0ubuntu1 amd64 [installed]
snapd/bionic-updates,now 2.34.2+18.04 amd64 [installed]
socat/bionic,now 1.7.3.2-2ubuntu2 amd64 [installed,automatic]
software-properties-common/bionic-updates,now 0.96.24.32.5 all [installed]
sosreport/bionic-updates,now 3.5-1ubuntu3.18.04.1 amd64 [installed]
squashfs-tools/bionic-updates,now 1:4.3-6ubuntu0.18.04.1 amd64 [installed]
ssh-import-id/bionic-updates,now 5.7-0ubuntu1.1 all [installed]
strace/bionic,now 4.21-1ubuntu1 amd64 [installed]
sudo/bionic,now 1.8.21p2-3ubuntu1 amd64 [installed]
systemd/bionic-updates,now 237-3ubuntu10.3 amd64 [installed]
systemd-sysv/bionic-updates,now 237-3ubuntu10.3 amd64 [installed]
sysvinit-utils/bionic,now 2.88dsf-59.10ubuntu1 amd64 [installed]
tar/bionic,now 1.29b-2 amd64 [installed]
tcpdump/bionic,now 4.9.2-3 amd64 [installed]
telnet/bionic,now 0.17-41 amd64 [installed]
time/bionic,now 1.7-25.1build1 amd64 [installed]
tmux/bionic,now 2.6-3 amd64 [installed]
tzdata/bionic-updates,bionic-security,now 2018e-0ubuntu0.18.04 all [installed]
ubuntu-advantage-tools/bionic,now 17 all [installed]
ubuntu-keyring/bionic,now 2018.02.28 all [installed]
ubuntu-minimal/bionic,now 1.417 amd64 [installed]
ubuntu-release-upgrader-core/bionic-updates,now 1:18.04.26 all [installed]
ubuntu-standard/bionic,now 1.417 amd64 [installed]
ucf/bionic,now 3.0038 all [installed]
udev/bionic-updates,now 237-3ubuntu10.3 amd64 [installed]
ufw/bionic,now 0.35-5 all [installed]
uidmap/bionic,now 1:4.5-1ubuntu1 amd64 [installed]
unattended-upgrades/bionic-updates,now 1.1ubuntu1.18.04.5 all [installed]
unzip/bionic,now 6.0-21ubuntu1 amd64 [installed]
update-manager-core/bionic-updates,now 1:18.04.11.5 all [installed]
update-notifier-common/bionic-updates,now 3.192.1.3 all [installed]
ureadahead/bionic,now 0.100.0-20 amd64 [installed]
usbutils/bionic,now 1:007-4build1 amd64 [installed]
util-linux/bionic-updates,now 2.31.1-0.4ubuntu3.1 amd64 [installed]
uuid-runtime/bionic-updates,now 2.31.1-0.4ubuntu3.1 amd64 [installed]
vim/bionic,now 2:8.0.1453-1ubuntu1 amd64 [installed]
vim-common/bionic,now 2:8.0.1453-1ubuntu1 all [installed]
vim-runtime/bionic,now 2:8.0.1453-1ubuntu1 all [installed]
vim-tiny/bionic,now 2:8.0.1453-1ubuntu1 amd64 [installed]
wget/bionic-updates,bionic-security,now 1.19.4-1ubuntu2.1 amd64 [installed]
whiptail/bionic,now 0.52.20-1ubuntu1 amd64 [installed]
wireless-regdb/bionic-updates,now 2018.05.09-0ubuntu1~18.04.1 all [installed,automatic]
xauth/bionic,now 1:1.0.10-1 amd64 [installed]
xdelta3/bionic,now 3.0.11-dfsg-1ubuntu1 amd64 [installed]
xdg-user-dirs/bionic,now 0.17-1ubuntu1 amd64 [installed]
xfsprogs/bionic,now 4.9.0+nmu1ubuntu2 amd64 [installed]
xkb-data/bionic,now 2.23.1-1ubuntu1 all [installed]
xxd/bionic,now 2:8.0.1453-1ubuntu1 amd64 [installed]
xz-utils/bionic,now 5.2.2-1.3 amd64 [installed]
zerofree/bionic,now 1.0.4-1 amd64 [installed]
zlib1g/bionic,now 1:1.2.11.dfsg-0ubuntu2 amd64 [installed]

Did you try delete vendor and install it again?

Did you try delete vendor and install it again?

I just deleted the vendor folder and re-ran composer update with 5.7.3 and uploaded it to my server. Still throwing the 419. Are there any commands I would need to run to reload everything on my server, like php artisan cache:clear or php artisan config:cache?

Maybe you forget delete composer.lock file before run composer update

Maybe you forget delete composer.lock file before run composer update

Well I've been running php artisan --version to verify my version updates are in fact making it to my webserver each time, but I do have a composer.lock file in the folder. I can delete it and try it again if you think that might cause an issue.

Deleting the composer.lock file and retrying did not affect the result - still getting the 419. Also, for what it's worth, composer update is recreating the composer.lock file when I run it.

If you're sure with version, I think the issues from your server, not laravel bug. One more thing why you need to upload vendor folder to your server instead of run composer update in your server.

I'm running an nginx server and I listed my packages in a previous comment. Do you have any idea what might be wrong on my end that would cause Laravel's Csrf token system to malfunction?

Are you saying I can just overwrite the vendor folder to change the Laravel version? And do I need to run any commands for the updated version to fully kick in / take effect?

Well using a List Comparison, I compared my webserver's packages to Homestead Vagrant's. Looks like Vagrant is running Xenial Xerus but my webserver is running Bionic Beaver.

I'm closing this - as it is clearly not a Laravel Framework issue, but something with your server setup.

The problem is not with "CSRF" - but with your sessions not persisting (which will cause a by-product of CSRF not working).

Please try asking your question on one of the many great community support areas that will likely give you a better answer more quickly:

• Laravel Slack (https://larachat.co/)
• Laravel.io Forum (https://laravel.io/forum)
• Laracasts Forum (https://laracasts.com/discuss)
• StackOverflow (http://stackoverflow.com/questions/tagged/laravel)

If you feel I've closed this issue in error, please provide more information about how this is a framework issue, and I'll reopen the ticket.

Thanks in advance.

Um, is the fact that this doesn't work with Ubuntu's latest LTS not a problem?

It does - I use it myself with no issues. It's something with your setup or config.

Ok so I rebooted my server and I am testing 5.7.3 which is working for me. Not sure why it didn't work previously or if that was unrelated, but 5.7.3 is working. So at this point I have no idea if it's Laravel or my server. If it's working on 5.7.3, then that means my sessions are in fact persisting - at least on 5.7.3, right?

Yes.

Now try the latest version. 5.7.9. Does that work?

If not - go through each version in between and tell us exactly which version breaks, and I'll look into what changed in that version.

To do this go into composer.json and change

- "laravel/framework": "5.7.*",
+ "laravel/framework": "5.7.4",

and keep changing the version until you find the exact spot it breaks.

Yes.

Now try the latest version. 5.7.9. Does that work?

If not - go through each version in between and tell us exactly which version breaks, and I'll look into what changed in that version.

To do this go into composer.json and change

- "laravel/framework": "5.7.*",
+ "laravel/framework": "5.7.4",

and keep changing the version until you find the exact spot it breaks.

Ok, I believe I performed this test correctly when I posted this comment, and the version that starting throwing the 419 was 5.7.4 - can you review my steps that I posted I took to make sure I tested correctly? If not, I can perform the test again tomorrow after I relieve myself of sleep deprivation lol.

Thanks for the help.

These changes were made in 5.7.4: https://github.com/laravel/framework/compare/v5.7.3...v5.7.4

None of them look "suspicious" to me.

Yeah...

It's possible its another package that changes during the version change (due to 'min' requirements).

Are you using a file driver? Try Redis or something else and see how that goes.

But as others have said - we cant replicate, so it is somehow related to your server config.

Yeah...

It's possible its another package that changes during the version change (due to 'min' requirements).

Are you using a file driver? Try Redis or something else and see how that goes.

But as others have said - we cant replicate, so it is _somehow_ related to your server config.

Sorry, can you elaborate on the file driver question? I just have a webserver running nginx where I copied up the Laravel site.

@laurencei is referring to the session.driver config option (https://laravel.com/docs/5.7/session).

You can try a different driver like database or redis.

I have the same problem
Laravel Framework 5.7.10
similar problem : https://laracasts.com/discuss/channels/laravel/post-request-in-laravel-57-error-419-sorry-your-session-has-expired?page=2

similar problem : https://ru.stackoverflow.com/questions/886118/laravel-5-7-%D0%BF%D1%80%D0%B8-%D0%BE%D0%B1%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D0%BA%D0%B5-post-%D0%B7%D0%B0%D0%BF%D1%80%D0%BE%D1%81%D0%B0-%D0%B2%D1%8B%D0%B4%D0%B0%D1%91%D1%82-%D0%BE%D1%88%D0%B8%D0%B1%D0%BA%D1%83-419-sorry-your-session-has

419
Sorry, your session has expired. Please refresh and try again.

At least as far as my Homestead vagrant dev box goes, I was able to overcome the 419 with a simple vagrant box update from version '5.1.0' to '6.3.0'. Are there specific packages in this upgrade that might cause the newer Laravel versions to throw a 419 error on older vagrant versions?

@Xerotherm1c Can you reliably reproduce the issue in Homestead? What Laravel version are you using?

I have Laravel 5.7.14, have docker locally and on Prod, both having this issue. Forced to turn-off some routes in VerifyCsrfToken.php. Didn't have it on 5.6.*
Migrated from 5.6 to 5.7. Using @csrf token in 5.7, but with old approach {{ csrf_field() }} doesn't work as well.

Migrated from 5.6 to 5.7. Using @csrf token in 5.7, but with old approach {{ csrf_field() }} doesn't work as well.

You may be onto something with the {{ csrf_field() }} approach causing issues. I've been using @csrf in the project I'm currently working on with absolutely no issues so far.

Migrated from 5.6 to 5.7. Using @csrf token in 5.7, but with old approach {{ csrf_field() }} doesn't work as well.

You may be onto something with the {{ csrf_field() }} approach causing issues. I've been using @csrf in the project I'm currently working on with absolutely no issues so far.

Unfortunately, both of them doesn't work.

I'm also running into this issue locally on Ubuntu Bionic Beaver (redis driver, laravel v5.7.13) and it also happened once on a staging server. It happened on a vagrant up this morning. When it occurred on the server, it was after doing an update to the project and running composer install. I can consistently clear the error when I delete my browser cookies.

I have the same problem.
On Mac High Sierra, Laravel 5.7.9 it's ok
On Staging Server Ubuntu 18.04 Laravel 5.7.15, 419 error.

I'll try to downgrade to 5.7.9 and keep you posted.

@KeitelDOG Do all POST requests fail or only some of them? What session driver are you using?

Still not working on ubuntu after downgrading. @staudenmeir yes for all POST I suppose, I tried Login and Register. I'm using file session.

I'm using NGinx on both Mac and Ubuntu.

Can anyone reproduce this issue on a fresh Laravel installation?

Now I just retry it in my Mac without clearing any browser cache nor cookies and it works. I don't think it's a laravel Issue because the code does not change at all. Could it be a Browser cache, cookie or Browser - Server communication problem that disappears after some times?
This problem happened to me before on a Laravel 5.6 with Apache on Ubuntu 18.04, and the day after I went to debug it but it was working fine. And today same thing.
I suspect some strange behavior from Browser - Server communication that keeps inappropriate data for some times that causes the bad data to be passed. And once the time passes and the inappropriate data get flushed, then it starts to work great again.
If that's the case, I have no idea of what would generate this inappropriate data in browser? new PHP 7+? Chrome Browser?

I used Chrome only when I found the error.

Did anyone experience this issue with a browser other than Chrome?

Reading all the comments - it is clear this is a mixture of different
issues, but all boils down to a session persistence issue.

In most cases the sessions are just not setup correctly, and when a
form is submitted, the lack of session means the CSRF fails, and you
get a 419 error.

You can self diagnose this issue by turning off CSRF, and trying to
login. If you can’t login (because you keep going back to the login
page) - then your sessions are broken and you need to fix that.

If you can login, then you probably have a mis-configured CSRF token
in your form, and you need to fix that.

Any specific issue with Chrome is likely to be a session issue (which
appears as a CSRF issue - but that’s because the session is broken).

But we know that all Chorme versions work with all Laravel versions
out of the box, which means if there is an issue, it is somehow
related to the local config/setup.

The other possibility is a JS related issue, where one browser works
and another doesn’t depending on what your JS code is doing.

@staudenmeir I saw another comment with 2 Likes that seems logic. https://github.com/laravel/framework/issues/23212#issuecomment-367108710

He said :

Check to make sure you do not have another application running with the same APP_NAME value

APP_NAME=xyz-xyz

I had this same problem for over a year when I created subdomains of my companies primary domain. This is the session config for the cookie name, which Chrome is only setting on the primary domain instead of per subdomain

'cookie' => env( 'SESSION_COOKIE', str_slug(env('APP_NAME', 'laravel'), '_').'_session' ),

By updating the app name, it will alter the cookie name and you should not have this problem anymore

And that seems like the real problem because on Laravel 4.2 and 5.0 it never happened. But since I'm using Laravel 5.6 and 5.7 which integrate the APP_NAME=MyApp, it started to generate problems. And the code

'cookie' => env(
        'SESSION_COOKIE',
        str_slug(env('APP_NAME', 'MyApp'), '_').'_session'
    ),

generates cookie with the same name for Local and production, and sometimes the APP_KEY remained the same as an old APP_KEY when upgrading and changing website server (Brand new VPS for the same Website, which is my case), could definitely creates that behavior in Chrome.

Perhaps we should name them APP_NAME=MyApp Dev for development, APP_NAME=MyApp Staging and APP_NAME=MyApp for production. And if we are setting up a Second Server for Production that we will proxy to forward requests, we could temporary change the APP_NAME=MyApp New the time we are testing it, and after that we would change it back.

@staudenmeir I've experienced the issue in Firefox as well. I agree with @laurencei that is seems like this stems from a cookie/session issue. It could be that I hadn't visited the project over the long holiday weekend (about 5 days) - so maybe whatever was saved in my cookie was no longer valid and didn't renew. Hopefully the issue comes back at me so I can try and trace this through.

Also, I can also confirm that when this occurred on the server, I was able to comment out VerifyCsrfToken to get the forms to work (re-enabling brought back the issue).

It did the same thing again this morning in the Staging Server with Ubuntu 18.04. The login session expired cause it asked me login again. And when I did, 419 error again. I will investigate printing the session data and cookie data to see the difference.

@zyglobe if it happens to Firefox also, maybe Laravel sent an outdated cookie or so...
If the problem can't be solved now, I can't upgrade Production yet.

@staudenmeir could it be an incorrect session calculation of laravel based on timezone, as timezone can be customized differently by Developers?

@KeitelDOG Does this occur if you use a different device/browser that had not previously accessed the site before?

I sacrificed whole day trying to figure it out. And I think I've found some good hints.
I break my AuthController@signin and use Codes from VerifyCsrfToken to see output. I added echo and print_r to the Illuminate\Session\Store to debug.

public function signin()
    {
        try {

            echo 'Request Session Token :<br/>'.request()->session()->token().'<br/>';

            $token = request()->input('_token');
            echo '<br/>Request Session Token :<br/>'.$token.'<br/>';
            \Megalo::addAppLog('_token : '.request()->input('_token'), "VerifyCsrfToken");

            echo '<br/>Request Session Object array :<br/>';
            print_r(request()->session());
            echo '<br/>';


            clearstatcache();
            echo '<br/>storage/framework/sessions directory permission :<br/>'.substr(sprintf('%o', fileperms(storage_path('framework/sessions'))), -4);
            echo '<br/>';



            $isMatched = is_string(request()->session()->token()) &&
               is_string($token) &&
               hash_equals(request()->session()->token(), $token);

            if ($isMatched) {

                \Megalo::addAppLog('Verification passed. Tokens Matched', "VerifyCsrfToken");

                foreach (\Megalo::$appLogs as $log) {
                    echo $log["level"]."/".$log["place"]." : ".$log["desc"]."<br/>";
                }

                return 'OK';
            }
        }catch(Exception $e) {
            echo $e->getMessage().' - '.$e->getFile().' - '.$e->getLine();
        }

        //throw new \Illuminate\Session\TokenMismatchException;
}

And here is the results.

For DEV with SIMILAR BUG with limited permission 440, owner and group (_www => Mac), I get :

Request Session Token :
C0U9SaZBrHUqDESGNytJwAsgFFPL1n0ooBkjA2WF

Request Session Token :
zDx4hMGaw3xNt8cvTrJBMEBj37aoPvqVBsJKfmkD

Request Session Object array :
Illuminate\Session\Store Object ( [id:protected] => WChNe9QnXi7vxcW1LTgB4h8WYvE5y6RXOP91AuKJ [name:protected] => megalobiz_dev_session [attributes:protected] => Array ( [_token] => C0U9SaZBrHUqDESGNytJwAsgFFPL1n0ooBkjA2WF ) [handler:protected] => Illuminate\Session\FileSessionHandler Object ( [files:protected] => Illuminate\Filesystem\Filesystem Object ( ) [path:protected] => /private/var/www/megalobiz/storage/framework/sessions [minutes:protected] => 2592000 ) [started:protected] => 1 ) 

storage/framework/sessions directory permission :
0440

But for DEV that is working with enough permission 550, owner and group (_www => Mac), I get :

Request Session Token :
zDx4hMGaw3xNt8cvTrJBMEBj37aoPvqVBsJKfmkD

Request Session Token :
zDx4hMGaw3xNt8cvTrJBMEBj37aoPvqVBsJKfmkD

Request Session Object array :
Illuminate\Session\Store Object ( [id:protected] => WChNe9QnXi7vxcW1LTgB4h8WYvE5y6RXOP91AuKJ [name:protected] => megalobiz_dev_session [attributes:protected] => Array ( [_flash] => Array ( [new] => Array ( ) [old] => Array ( ) ) [_previous] => Array ( [url] => http://localhost ) [_token] => zDx4hMGaw3xNt8cvTrJBMEBj37aoPvqVBsJKfmkD [guest_id] => Array ( [0] => Mv2xJEawXImP38gF2gpz0euCX4RQqB_1543601170 ) [last_briefed] => 2018-11-27 01:11:10 ) [handler:protected] => Illuminate\Session\FileSessionHandler Object ( [files:protected] => Illuminate\Filesystem\Filesystem Object ( ) [path:protected] => /private/var/www/megalobiz/storage/framework/sessions [minutes:protected] => 2592000 ) [started:protected] => 1 ) 

storage/framework/sessions directory permission :
0550
debug/BaseController : Megalo initialized
debug/VerifyCsrfToken : _token : zDx4hMGaw3xNt8cvTrJBMEBj37aoPvqVBsJKfmkD
debug/VerifyCsrfToken : Verification passed. Tokens Matched
OK

THIS IS WAT IS HAPPENING :
With Laravel Code in Illuminate\Session\Store class

    /**
     * Start the session, reading the data from a handler.
     *
     * @return bool
     */
    public function start()
    {
        $this->loadSession();

        if (! $this->has('_token')) {
            $this->regenerateToken();
        }

        return $this->started = true;
    }

    /**
     * Load the session data from the handler.
     *
     * @return void
     */
    protected function loadSession()
    {
        $this->attributes = array_merge($this->attributes, $this->readFromHandler());
    }

    /**
     * Read the session data from the handler.
     *
     * @return array
     */
    protected function readFromHandler()
    {
        print_r($this); // added by me
        echo '<br/><br/>'; // added by me

        if ($data = $this->handler->read($this->getId())) {
            $data = @unserialize($this->prepareForUnserialize($data));

            if ($data !== false && ! is_null($data) && is_array($data)) {
                return $data;
            }
        }

        echo 'session empty in  readFromHandler '.get_class($this->handler).'<br/><br/>'; // added by me

        return [];
    }

So when Session read the File from FileSessionHandler or CookieSessionHandler which implement SessionHandlerInterface with read, write, destroy methods etc., if Session doesn't find the _token attribute, then it regenerates Token, and therefore, when Laravel compares the File Session Token in VerifyCsrfToken with the passed token in request()->input('_token'), it fails.

One reason can be because of limited permission, which can recreate the Bug in Dev, but not this actual bug we're facing.
Another reason is that the passed Token via input can be different or inexistant, so the Token Mismatch Exception will raise.

On Staging Server, here is my Output :

Illuminate\Session\Store Object ( [id:protected] => e4Em43rkBART7BlTgsT7PneLg572RDDFWnvjCVw3 [name:protected] => megalobizstaging_session [attributes:protected] => Array ( ) [handler:protected] => Illuminate\Session\FileSessionHandler Object ( [files:protected] => Illuminate\Filesystem\Filesystem Object ( ) [path:protected] => /var/www/megalobiz/storage/framework/sessions [minutes:protected] => 2592000 ) [started:protected] => ) 

session empty in readFromHandler Illuminate\Session\FileSessionHandler

Request Session Token :
jJYOEmm920oU5JSQd6h8xfpaj1nugtWG6hPlQgkf

Request Session Token :
4ExdeLOtbTnO9LGW3jDpP2BBMJe9KCTEfMjJJie8

Request Session Object array :
Illuminate\Session\Store Object ( [id:protected] => e4Em43rkBART7BlTgsT7PneLg572RDDFWnvjCVw3 [name:protected] => megalobizstaging_session [attributes:protected] => Array ( [_token] => jJYOEmm920oU5JSQd6h8xfpaj1nugtWG6hPlQgkf ) [handler:protected] => Illuminate\Session\FileSessionHandler Object ( [files:protected] => Illuminate\Filesystem\Filesystem Object ( ) [path:protected] => /var/www/megalobiz/storage/framework/sessions [minutes:protected] => 2592000 ) [started:protected] => 1 ) 

storage/framework/sessions directory permission :
0777

When Laravel creates a session file, it creates it with permission 644, -rw-r--r--, that could be the reason why when I tested in Dev, 440 did not work, because execute permission is missing.

@zyglobe I just tested the Staging with my Phone, Chrome browser, and the Session is ok and accessible.

But now I'm stuck because I can't understand why would 644 permission block me vi Mac, and not via Phone. Via Android Phone, the session file is stil with 644.

@KeitelDOG - as I mentioned earlier - what you've described is simply a session persistence issue and has nothing to do with CSRF (but the CSRF error you get is because of the session failure).

Looking at your code above, if you have different permissions, then once again it's nothing to do with Laravel. If you google around, there's a few examples of how to change the user settings for directories; essentially you need to make sure the web user has the right permission to write to the storage folder along with your console user.

It sounds like your web user does not, and therefore sessions are failing.

You could also switch to a different session system, like Redis or Memcache, which is probably better for a production server.

Can anyone reproduce this issue on a _fresh_ Laravel installation?

Yes. Downloaded a laravel version yesterday. The odd thing is I created 2 projects at once. The one project gives the 419 on login, the other doesn't... Same server, same configuration. The only difference is that the failing project has a SESSION_DOMAIN=.example.com environment variable... When I remove this, the login is working fine

• Composer: 1.2.2
• Laravel: 5.7.15
• NPM: 6.4.1
• Node: 8.14.0
• Linux uname -r: 4.14.84-v7+

Hi, just hit the same issue and fixed it and many of you are partially correct. It IS a CSRF issue caused by the lack of session. And it is only happening because the project is missing write permissions.
So, not a laravel issue, it's an installation issue. Whoever is acting as the webserver must have write permissions on the storage folder.

I finally see that it's probably not a Laravel issue. @magusd the are many ways of solving this according to what happened.
I have reproduced this error in so many ways that it started to freaking me out. But at the end, it's a permission access to that file before Laravel accesses it. Here the many Layers that could be denying the permission :

• storage/framework/sessions owner or group does not belong to Apache or Nginx User let's say www-data
• storage/framework/sessions owner or group belongs to Apache or Nginx User let's say www-data, but does not have read and write permission to either owner or group. You should change permission with chmod and give 6 at least to owner or group.
• umask has been changed in your Apache or Nginx settings. Default umask in Apache is 0002 => 0664 which gives read and write permission for owner and group, and read for everyone, for created files with config user www-data, and => 0775 for created directories. Default umask in lastest NGinx is 0022 => 0644 which gives read and write only to owner for created files, and => 0755 for created directories. So that could be some server config has changed and does not give enough permission to read existing sessions files. So you should checkup to.
• umask in PHP can be dynamically changed, so if you changed it early in your code to umask(0666); and not changed it back to umask($oldUmask); before Laravel create the session files, then the newly created session file will have permission 0000 with no read access at all.

But I resolved and controlled all of this, but the permission problem persist sometimes. So if Laravel did not messed up with the file permissions just before accessing it, it can't be a Laravel bug for sure.
Maybe the System itself create a strange behavior to limit the permission on some special cases that I cannot catch.

I give up on this cause this doesn't seem a Laravel coding error. Instead thanks to @laurencei I'm already changing to Redis for Staging to test before I apply it to production, this way I won't get anymore Sessions permission access.

I've been using the redis driver all along (so file permission issues, while already set correctly, wouldn't have been the problem). However, I discovered that I'm dealing with an intermittent redis or predis connection issue (even with read_write_timeout set to -1).

local.ERROR: Error while reading line from the server. [tcp://127.0.0.1:6379]

Just offering what I found in case someone else stumbles upon this thread with a similar issue/scenario.

RESOLVED

I finally resolved it, so this is NOT a Laravel Bug, but I think Laravel developers could handle this behavior themselves.

It was a problem with the Cookie conflicts between different environment on the same browser. That's why other browsers that access only production didn't have that problem.

To resolve any of the 419 related error :

Check Permission

After making sure your permission is ok for creating and accessing the file as I suggested earlier :

I finally see that it's probably not a Laravel issue. @magusd the are many ways of solving this according to what happened.
I have reproduced this error in so many ways that it started to freaking me out. But at the end, it's a permission access to that file before Laravel accesses it. Here the many Layers that could be denying the permission :

• storage/framework/sessions owner or group does not belong to Apache or Nginx User let's say www-data
• storage/framework/sessions owner or group belongs to Apache or Nginx User let's say www-data, but does not have read and write permission to either owner or group. You should change permission with chmod and give 6 at least to owner or group.
• umask has been changed in your Apache or Nginx settings. Default umask in Apache is 0002 => 0664 which gives read and write permission for owner and group, and read for everyone, for created files with config user www-data, and => 0775 for created directories. Default umask in lastest NGinx is 0022 => 0644 which gives read and write only to owner for created files, and => 0755 for created directories. So that could be some server config has changed and does not give enough permission to read existing sessions files. So you should checkup to.
• umask in PHP can be dynamically changed, so if you changed it early in your code to umask(0666); and not changed it back to umask($oldUmask); before Laravel create the session files, then the newly created session file will have permission 0000 with no read access at all.

But I resolved and controlled all of this, but the permission problem persist sometimes. So if Laravel did not messed up with the file permissions just before accessing it, it can't be a Laravel bug for sure.
Maybe the System itself create a strange behavior to limit the permission on some special cases that I cannot catch.

I give up on this cause this doesn't seem a Laravel coding error. Instead thanks to @laurencei I'm already changing to Redis for Staging to test before I apply it to production, this way I won't get anymore Sessions permission access.

Change your ENVIRONMENT Variables

Then I used this configuration in my LOCAL .env file :

APP_NAME=Megalobiz
...
SESSION_COOKIE=mbdck
SESSION_DOMAIN=localhost
...

and this in my STAGING .env file :

APP_NAME=Megalobiz
...
SESSION_COOKIE=mbsck
SESSION_DOMAIN=10X.24X.X.4X
...

APP_NAME doesn't have to be unique. But I heard some places that Laravel had issues with underscore SESSION_COOKIE, so instead of using default :

'cookie' => env(
        'SESSION_COOKIE',
        str_slug(env('APP_NAME', 'Megalobiz'), '_').'_session'
    ),

to produce a session cookie name megalobiz_session, I just add my own and UNIQUE session cookie name SESSION_COOKIE=mbsck from MegaloBiz Staging CooKie. This way the Browser won't get the same cookie name for your LOCAL, STAGING and PRODUCTION environment.

After that I don't know if it's necessary, but I put SESSION_DOMAIN as localhost, IP or domain name if Server is running through DNS.

Clear Cookies

AND FINALLY, after making those changes, *DO NOT FORGET TO CLEAR THE COOKIES on the LOCAL or STAGING or PRODUCTION if you changed the Environment variables because the Browser will keep the old Session Cookie name because it's not expired yet, megalobiz_session in my case.

And I get my new SESSION COOKIE name as mbsck. And I logged in the 1st time 💯

AVOID MAKING THIS IN PRODUCTION

BE CAREFUL NOT TO CHANGE THIS ON YOUR ALREADY RUNNING PRODUCTION SERVER because it will invalidate sessions for all other browsers (Users) that has the old session cookie name not expired and they won't know if they must clear that cookie in their browser. Instead clear your other cookies for other environment and keep your default config for production.

Can anyone reproduce this issue on a _fresh_ Laravel installation?

@staudenmeir Easy now to reproduce if you want to investigate more, just run the same App twice, as Dev and Staging, or 2 devs, with the same SESSION_COOKIE name and one of them will fail cause I think the browser will send the incorrect Session value.

@zyglobe see if my answer above help you resolve it.

I'm still getting the same error on the other Server with Laravel 5.6, so I went to look for how Chrome Browser handle cookies on request. Chrome is more strict than other browsers.
The answer to the StackOverflow Question Why does the session cookie work when serving from a domain but not when using an IP? explains a lot of important things. He mentioned an HTTP RFC 2019 Document where they state :

```
4.3.2 Rejecting Cookies

To prevent possible security or privacy violations, a user agent
rejects a cookie (shall not store its information) if any of the
following is true:

• The value for the Path attribute is not a prefix of the request-
  URI.

• The value for the Domain attribute contains no embedded dots or
  does not start with a dot.

• The value for the request-host does not domain-match the Domain
  attribute.

• The request-host is a FQDN (not IP address) and has the form HD,
  where D is the value of the Domain attribute, and H is a string
  that contains one or more dots.

  Examples:

• A Set-Cookie from request-host y.x.foo.com for Domain=.foo.com
  would be rejected, because H is y.x and contains a dot.

Kristol & Montulli Standards Track [Page 7]

RFC 2109 HTTP State Management Mechanism February 1997

• A Set-Cookie from request-host x.foo.com for Domain=.foo.com would
  be accepted.

• A Set-Cookie with Domain=.com or Domain=.com., will always be
  rejected, because there is no embedded dot.

• A Set-Cookie with Domain=ajax.com will be rejected because the
  value for Domain does not begin with a dot.

4.3.3 Cookie Management

If a user agent receives a Set-Cookie response header whose NAME is
the same as a pre-existing cookie, and whose Domain and Path
attribute values exactly (string) match those of a pre-existing
cookie, the new cookie supersedes the old. However, if the Set-
Cookie has a value for Max-Age of zero, the (old and new) cookie is
discarded. Otherwise cookies accumulate until they expire (resources
permitting), at which time they are discarded.

...
````

Those specs would tell browsers to ignore malformed or non-standard Set-Cookie format so that sometimes Chrome just won't send those cookies in the requests to your server.

Today I tested, confirmed and resolved the 419 error (that is not related to file permission) for the 4th times for that same month. Cause it also happen with Redis as the Session Driver.

What I can confirm is that happens :

• Specially on Chrome, even on Chrome Mobile for Android
• When using multiple environment in the same browser and one of them is IP address, ex : local (localhost) + production (120.130.140.150). The production is not accessible via DNS yet

And the conflict and error are resolved when :

• Using a domain name to access the Servers (except localhost)
• waiting a mid day sometimes for Chrome to clear some cache, or clearing cookies of IP address

I tried with IP, error, activate DNS, no error, deactivate DNS, error appears again.

Tested with my 2 Old VPS and 2 New VPS (staging + production) with IPs and 2 domain names.

@Xerotherm1c ware you able to fix this issue am facing same on MacOs Nginx only on production

@diadal, it happened to me even with Redis so it was not the file permission in my case. I'm using MacOS + Nginx for dev, Ubuntu 18.04 + Nginx for production. But a mixing of sessions when developing, staging and producing on the same browser. But what's strange is that once I use domain name with HTTPS (Certbot), this behavior stops completely. Also when it happens, even after updating configuration, browser seems to put something in cache that has the effect of creating 419 error for some hours, and suddenly BOOM it works.

I use Redis also file for session same issue MacOS + Nginx for dev & Production same issue all Safari & Chrome I clear all cache & cookies same no solution so far Laravel Framework 5.7.22

@KeitelDOG I'm also able to reproduce this on Ubuntu 18.04, redis, and the issue occurring with http, and resolved over https. So this lead me to my latest trial, playing with the session (cookie) config. After changing some of the cookie settings (from strict, http_only, and secure to lax). I was able to login successfully in a new private browser - my existing browser session still failed. So I tried manipulating the XSRF-Token cookie's strict/http-only settings (didn't work). I deleted the XSRF-Token, so a reload of the page renewed it. I STILL got the error. So the kicker here is... I deleted the SESSION cookie, reloaded the page, and it worked.

@diadal are you using a domain name with SSL for production? I never get it with Domain + SSL
I think Laravel can handle this behavior better, cause I also get this error from other websites build with laravel.

@KeitelDOG yes full SSL for production still @zyglobe no luck is not working

@zyglobe you are right, and that is really strange. I wonder why it's suddenly happen with latest version of Laravel, I think they need to collaborate with highest Browsers and Cookies experts from Google or Mozilla to handle this behavior better.

I suspected when you're developing with Laravel, then your Browser expose you to conflicts with other Laravel websites sending cookies to it, maybe with same name or not.

Thanks for posting your experience results.

I don't know for sure if that really counts, but I decided to put different name for session cookie for each environment in .env file in case this would create conflicts with other cookie names :

• DEV
  SESSION_COOKIE=projectdevsck

• STAGING
  SESSION_COOKIE=projectstagsck

• PRODUCTION
  SESSION_COOKIE=projectsck

I believe it could help, I read it in a StackOverflow answer once, so I'm using it just in case.

But at the end, I think you risk nothing for your users if they are not Laravel developers.

@KeitelDOG no luck

<?php

if (env('APP_ENV') === 'local') {

    $cookie = 'Test-developer';
}else{
    $cookie = 'Test_Prod';
}

return [

    /*
    |--------------------------------------------------------------------------
    | Default Session Driver
    |--------------------------------------------------------------------------
    |
    | This option controls the default session "driver" that will be used on
    | requests. By default, we will use the lightweight native driver but
    | you may specify any of the other wonderful drivers provided here.
    |
    | Supported: "file", "cookie", "database", "apc",
    |            "memcached", "redis", "array"
    |
    */

    'driver' => env('SESSION_DRIVER', 'redis'),

    /*
    |--------------------------------------------------------------------------
    | Session Lifetime
    |--------------------------------------------------------------------------
    |
    | Here you may specify the number of minutes that you wish the session
    | to be allowed to remain idle before it expires. If you want them
    | to immediately expire on the browser closing, set that option.
    |
    */

    'lifetime' => env('SESSION_LIFETIME', 20),

    'expire_on_close' => false,

    /*
    |--------------------------------------------------------------------------
    | Session Encryption
    |--------------------------------------------------------------------------
    |
    | This option allows you to easily specify that all of your session data
    | should be encrypted before it is stored. All encryption will be run
    | automatically by Laravel and you can use the Session like normal.
    |
    */

    'encrypt' => true,

    /*
    |--------------------------------------------------------------------------
    | Session File Location
    |--------------------------------------------------------------------------
    |
    | When using the native session driver, we need a location where session
    | files may be stored. A default has been set for you but a different
    | location may be specified. This is only needed for file sessions.
    |
    */

    'files' => storage_path('framework/sessions'),

    /*
    |--------------------------------------------------------------------------
    | Session Database Connection
    |--------------------------------------------------------------------------
    |
    | When using the "database" or "redis" session drivers, you may specify a
    | connection that should be used to manage these sessions. This should
    | correspond to a connection in your database configuration options.
    |
    */

    'connection' => null,

    /*
    |--------------------------------------------------------------------------
    | Session Database Table
    |--------------------------------------------------------------------------
    |
    | When using the "database" session driver, you may specify the table we
    | should use to manage the sessions. Of course, a sensible default is
    | provided for you; however, you are free to change this as needed.
    |
    */

    'table' => 'sessions',

    /*
    |--------------------------------------------------------------------------
    | Session Cache Store
    |--------------------------------------------------------------------------
    |
    | When using the "apc" or "memcached" session drivers, you may specify a
    | cache store that should be used for these sessions. This value must
    | correspond with one of the application's configured cache stores.
    |
    */

    'store' => null,

    /*
    |--------------------------------------------------------------------------
    | Session Sweeping Lottery
    |--------------------------------------------------------------------------
    |
    | Some session drivers must manually sweep their storage location to get
    | rid of old sessions from storage. Here are the chances that it will
    | happen on a given request. By default, the odds are 2 out of 100.
    |
    */

    'lottery' => [2, 100],

    /*
    |--------------------------------------------------------------------------
    | Session Cookie Name
    |--------------------------------------------------------------------------
    |
    | Here you may change the name of the cookie used to identify a session
    | instance by ID. The name specified here will get used every time a
    | new session cookie is created by the framework for every driver.
    |
    */

    'cookie' => env('SESSION_COOKIE',$cookie.'_session'),

    // 'cookie' => env(
    //     'SESSION_COOKIE',
    //     str_slug(env('APP_NAME', 'laravel'), '_').'_session'
    // ),

    /*
    |--------------------------------------------------------------------------
    | Session Cookie Path
    |--------------------------------------------------------------------------
    |
    | The session cookie path determines the path for which the cookie will
    | be regarded as available. Typically, this will be the root path of
    | your application but you are free to change this when necessary.
    |
    */

    'path' => '/',

    /*
    |--------------------------------------------------------------------------
    | Session Cookie Domain
    |--------------------------------------------------------------------------
    |
    | Here you may change the domain of the cookie used to identify a session
    | in your application. This will determine which domains the cookie is
    | available to in your application. A sensible default has been set.
    |
    */

    'domain' => env('SESSION_DOMAIN', 'test.com'),

    /*
    |--------------------------------------------------------------------------
    | HTTPS Only Cookies
    |--------------------------------------------------------------------------
    |
    | By setting this option to true, session cookies will only be sent back
    | to the server if the browser has a HTTPS connection. This will keep
    | the cookie from being sent to you if it can not be done securely.
    |
    */

    'secure' => env('SESSION_SECURE_COOKIE', true),

    /*
    |--------------------------------------------------------------------------
    | HTTP Access Only
    |--------------------------------------------------------------------------
    |
    | Setting this value to true will prevent JavaScript from accessing the
    | value of the cookie and the cookie will only be accessible through
    | the HTTP protocol. You are free to modify this option if needed.
    |
    */

    'http_only' => true,

    /*
    |--------------------------------------------------------------------------
    | Same-Site Cookies
    |--------------------------------------------------------------------------
    |
    | This option determines how your cookies behave when cross-site requests
    | take place, and can be used to mitigate CSRF attacks. By default, we
    | do not enable this as other CSRF protection services are in place.
    |
    | Supported: "lax", "strict"
    |
    */

    'same_site' => "strict",

];

I was just fighting the same problem for a couple of hours, then I found that my .env file contains SESSION_LIFETIME=0
I've set it to 120, and cleared cache+cookies both on server and browser sides and now it's working. I don't know if it is the reason for everyone, but in my case it was, guys, check your .env file

Hi everyone. If anyone's experiencing this please try one of the support channels listed above.