Post request in Laravel 5.7 — Error - 419 Sorry, your session has expired

up vote
8
down vote

favorite

I installed Laravel 5.7

Added a form to the file resourcesviewswelcome.blade.php

<form method="POST" action="/foo" >

    @csrf

    <input type="text" name="name"/><br/>

    <input type="submit" value="Add"/>

</form>

Added to file routesweb.php

Route::post('/foo', function () {

    echo 1;

    return;

});

After sending a POST request:

419 Sorry, your session has expired. Please refresh and try again.

In version 5.6 there was no such a problem.

edited Nov 9 at 13:08

Andrew Naguib

1,2501420

asked Oct 1 at 2:25

Thủ Thuật Máy Tính

4412

Have you tried adding a redirect? Instead of return; you can call return redirect()->back();. From what I can see, the app has nothing to do after the post request. Maybe you can redirect it to a view after processing the request.
– David Angulo
Oct 1 at 2:57

I'm having the same issue. When i switch to database session this happens and when i change back to file for SESSION_DRIVER in .env it works fine. Why is the database based session not working.
– Junaid Qadir
Nov 5 at 11:14

I copied your exact code into a fresh laravel 5.7 install. It worked. There is a problem elsewhere.
– Kyle Wardle
Nov 6 at 11:37

this problem because of token problem. I have try to run same code like this, but get no error. You should give more information like your session driver, _token value display in the form. Also, you can debug yourself in this file vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php line 67 to know why
– bangnokia
Nov 6 at 18:37

1

I realized that I had used sessions table for a different purpose. After Changing this table name to a more suited one and ran artisan session:table and refreshed migration everything is working fine
– Junaid Qadir
Nov 7 at 5:35

|
show 4 more comments

up vote
8
down vote

favorite

I installed Laravel 5.7

Added a form to the file resourcesviewswelcome.blade.php

<form method="POST" action="/foo" >

    @csrf

    <input type="text" name="name"/><br/>

    <input type="submit" value="Add"/>

</form>

Added to file routesweb.php

Route::post('/foo', function () {

    echo 1;

    return;

});

After sending a POST request:

419 Sorry, your session has expired. Please refresh and try again.

In version 5.6 there was no such a problem.

edited Nov 9 at 13:08

Andrew Naguib

1,2501420

asked Oct 1 at 2:25

Thủ Thuật Máy Tính

4412

Have you tried adding a redirect? Instead of return; you can call return redirect()->back();. From what I can see, the app has nothing to do after the post request. Maybe you can redirect it to a view after processing the request.
– David Angulo
Oct 1 at 2:57

I'm having the same issue. When i switch to database session this happens and when i change back to file for SESSION_DRIVER in .env it works fine. Why is the database based session not working.
– Junaid Qadir
Nov 5 at 11:14

I copied your exact code into a fresh laravel 5.7 install. It worked. There is a problem elsewhere.
– Kyle Wardle
Nov 6 at 11:37

this problem because of token problem. I have try to run same code like this, but get no error. You should give more information like your session driver, _token value display in the form. Also, you can debug yourself in this file vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php line 67 to know why
– bangnokia
Nov 6 at 18:37

1

I realized that I had used sessions table for a different purpose. After Changing this table name to a more suited one and ran artisan session:table and refreshed migration everything is working fine
– Junaid Qadir
Nov 7 at 5:35

|
show 4 more comments

up vote
8
down vote

favorite

I installed Laravel 5.7

Added a form to the file resourcesviewswelcome.blade.php

<form method="POST" action="/foo" >

    @csrf

    <input type="text" name="name"/><br/>

    <input type="submit" value="Add"/>

</form>

Added to file routesweb.php

Route::post('/foo', function () {

    echo 1;

    return;

});

After sending a POST request:

419 Sorry, your session has expired. Please refresh and try again.

In version 5.6 there was no such a problem.

edited Nov 9 at 13:08

Andrew Naguib

1,2501420

asked Oct 1 at 2:25

Thủ Thuật Máy Tính

4412

I installed Laravel 5.7

Added a form to the file resourcesviewswelcome.blade.php

<form method="POST" action="/foo" >

    @csrf

    <input type="text" name="name"/><br/>

    <input type="submit" value="Add"/>

</form>

Added to file routesweb.php

Route::post('/foo', function () {

    echo 1;

    return;

});

After sending a POST request:

419 Sorry, your session has expired. Please refresh and try again.

In version 5.6 there was no such a problem.

php laravel

edited Nov 9 at 13:08

Andrew Naguib

1,2501420

asked Oct 1 at 2:25

Thủ Thuật Máy Tính

4412

edited Nov 9 at 13:08

Andrew Naguib

1,2501420

asked Oct 1 at 2:25

Thủ Thuật Máy Tính

4412

edited Nov 9 at 13:08

Andrew Naguib

1,2501420

edited Nov 9 at 13:08

Andrew Naguib

1,2501420

edited Nov 9 at 13:08

Andrew Naguib

1,2501420

asked Oct 1 at 2:25

Thủ Thuật Máy Tính

4412

asked Oct 1 at 2:25

Thủ Thuật Máy Tính

4412

asked Oct 1 at 2:25

Thủ Thuật Máy Tính

4412

Have you tried adding a redirect? Instead of return; you can call return redirect()->back();. From what I can see, the app has nothing to do after the post request. Maybe you can redirect it to a view after processing the request.
– David Angulo
Oct 1 at 2:57

I'm having the same issue. When i switch to database session this happens and when i change back to file for SESSION_DRIVER in .env it works fine. Why is the database based session not working.
– Junaid Qadir
Nov 5 at 11:14

I copied your exact code into a fresh laravel 5.7 install. It worked. There is a problem elsewhere.
– Kyle Wardle
Nov 6 at 11:37

this problem because of token problem. I have try to run same code like this, but get no error. You should give more information like your session driver, _token value display in the form. Also, you can debug yourself in this file vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php line 67 to know why
– bangnokia
Nov 6 at 18:37

1

I realized that I had used sessions table for a different purpose. After Changing this table name to a more suited one and ran artisan session:table and refreshed migration everything is working fine
– Junaid Qadir
Nov 7 at 5:35

|
show 4 more comments

Have you tried adding a redirect? Instead of return; you can call return redirect()->back();. From what I can see, the app has nothing to do after the post request. Maybe you can redirect it to a view after processing the request.
– David Angulo
Oct 1 at 2:57

I'm having the same issue. When i switch to database session this happens and when i change back to file for SESSION_DRIVER in .env it works fine. Why is the database based session not working.
– Junaid Qadir
Nov 5 at 11:14

I copied your exact code into a fresh laravel 5.7 install. It worked. There is a problem elsewhere.
– Kyle Wardle
Nov 6 at 11:37

this problem because of token problem. I have try to run same code like this, but get no error. You should give more information like your session driver, _token value display in the form. Also, you can debug yourself in this file vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php line 67 to know why
– bangnokia
Nov 6 at 18:37

1

I realized that I had used sessions table for a different purpose. After Changing this table name to a more suited one and ran artisan session:table and refreshed migration everything is working fine
– Junaid Qadir
Nov 7 at 5:35

Have you tried adding a redirect? Instead of return; you can call return redirect()->back();. From what I can see, the app has nothing to do after the post request. Maybe you can redirect it to a view after processing the request.
– David Angulo
Oct 1 at 2:57

I'm having the same issue. When i switch to database session this happens and when i change back to file for SESSION_DRIVER in .env it works fine. Why is the database based session not working.
– Junaid Qadir
Nov 5 at 11:14

I copied your exact code into a fresh laravel 5.7 install. It worked. There is a problem elsewhere.
– Kyle Wardle
Nov 6 at 11:37

this problem because of token problem. I have try to run same code like this, but get no error. You should give more information like your session driver, _token value display in the form. Also, you can debug yourself in this file vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php line 67 to know why
– bangnokia
Nov 6 at 18:37

I realized that I had used sessions table for a different purpose. After Changing this table name to a more suited one and ran artisan session:table and refreshed migration everything is working fine
– Junaid Qadir
Nov 7 at 5:35

|
show 4 more comments

18 Answers
18

active

oldest

votes

up vote
7
down vote

+25

The session expired error message comes up because somewhere your csrf token verification fails which means the AppHttpMiddlewareVerifyCsrfToken::class middleware is already turned on. In the form the @csrf blade directive is already added, which should be fine as well.

Then the other aria to check is the session. The csrf token verification is directly involved with your session, So you might want to check whether your session driver is working or not, such as an incorrectly configured Redis might cause an issue.

Maybe you can try switching your session driver/software from your .env file, the supported drivers are given below

Supported Session drivers in Laravel 5.7 (Doc Link)

file - sessions are stored in storage/framework/sessions. cookie - sessions are stored in secure, encrypted cookies.

database - sessions are stored in a relational database.

memcached / redis - sessions are stored in one of these fast, cache based stores.

array - sessions are stored in a PHP array and will not be persisted.

If your form works after switching the session driver, then something wrong is with that particular driver, try to fix the error from there.

Possible error prone scenarios

Probably file-based sessions might not work because of the permission issues with the /storage directory (a quick googling will fetch you the solution)

In the case of the database driver, your DB connection might be wrong, or the sessions table might not exist or wrongly configured (the wrong configuration part was confirmed to be an issue as per the comment by @Junaid Qadir).

redis/memcached configuration is wrong or is being manipulated by some other piece of code in the system at the same time.

It might be a good idea to execute php artisan key:generate and generate a new app key which will in turn flush the session data.

Read more about why application keys are important

answered Nov 11 at 20:59

Shobi

2,64811228

1

Sometimes it's just that browsers, mainly Chrome won't put the Set-Cookie session value because it's malformed or non-standard. So Laravel won't find any existing session value from the HTTP request to compare to the received _token value from the FORM. Avoid using SESSION_DOMAIN=... with IP which Chrome and HTTP Cookie Specs consider as insecure.
– KeitelDOG
Dec 7 at 15:54

Yep, found chrome as the culprit many times.
– Shobi
Dec 7 at 19:41

add a comment |

up vote
2
down vote

This is because the form requires a csrf. In version 5.7, they changed it to @csrf

<form action="" method="post">

    @csrf

    ...

Referene:
https://laravel.com/docs/5.7/csrf

answered Oct 10 at 3:01

David

472

3

His form includes a csrf token. Not sure if he edited it later or not.
– eResourcesInc
Oct 10 at 3:30

yeah, his form originally has a csrf field, I just looked into the edit history
– Dexter Bengil
Nov 7 at 9:39

add a comment |

up vote
2
down vote

How about using

{{ csrf_field() }} instead of @csrf

419 error is mostly because of csrf token issues.

edited Nov 6 at 12:25

answered Nov 5 at 12:05

Bonish Koirala

4138

You mean {{ csrf_field() }}?
– Travis Britz
Nov 6 at 11:45

yeah thanks for the reminder
– Bonish Koirala
Nov 6 at 12:25

5.7 uses @csrf
– Don't Panic
Nov 11 at 11:05

{{ csrf_field() }} worked for me
– Kiran Reddy
Dec 5 at 4:45

add a comment |

up vote
1
down vote

Try to comment out AppHttpMiddlewareEncryptCookies::class in appHttpKernel.php
I have similar problem and solved it by doing so.
Probably not the best solution because the security but at least it worked.

Previously I tried:

Clear cache

Generate new app key

Run my app in various Browsers (Chrome 70, Mozilla Firefox 57, and IE 11)

Run my app in another computer

Comment out AppHttpMiddlewareVerifyCsrfToken::class in appHttpKernel.php

Comment out IlluminateSessionMiddlewareAuthenticateSession::class in appHttpKernel.php

Upgrade and downgrade Laravel (between 5.6 and 5.7)

But none of these above worked for me.

answered Dec 3 at 4:10

Prasna Lukito

113

add a comment |

up vote
0
down vote

I just had the exact same issue and it was down to me being completely stupid. I had disabled all of the form fields (rather than just the submit button) via javascript before submitting said form! This, of course, resulted in the all the form elements not being submitted (including the hidden _token field) which in turn brought up the 419 error!

I hope this helps someone from a few hours of head scratching!

Disabled form inputs do not appear in the request

answered Oct 14 at 19:38

Splodge

add a comment |

up vote
0
down vote

In your Http/Kernel.php

try to comment this line :

IlluminateSessionMiddlewareAuthenticateSession::class,

in your web middleware array

it might be the root of your issue

answered Nov 6 at 12:11

Mathieu Ferre

1,264322

add a comment |

up vote
0
down vote

It may be overkill but you can try this:

// Form calling named route with hidden token field added.

<form method="POST" action="{{ route('foo') }}" >

    @csrf

    <input type="hidden" name="_token" value="{!! csrf_token() !!}">

    <input type="text" name="name"/><br/>

    <input type="submit" value="Add"/>

</form>

// Named Route

Route::post('/foo', function () {

    return 'bar';

})->name('foo');

// Add this within the <head></head> block:

<meta name="_token" content="{!! csrf_token() !!}" />

I did test it on my local using Homestead on Laravel 5.7 which was was fresh install using Laravel Installer 2.0.1 and it worked. What is your environment?

Theory: I wonder if that has something to do with blade rendering html tags with {{ }} vs. {!! !!} on your environment or how you are serving it (eg. php artisan serve). What makes me think that is line 335 of /vendor/laravel/framework/src/illuminate/Foundation/helpers.php should render the same line manually typed out above.

edited Nov 9 at 7:42

answered Nov 9 at 7:13

developernator

2,41611220

<meta> tag in the form? What kind of magic is that.
– emix
Nov 9 at 7:18

laravel.com/docs/5.7/csrf#csrf-x-csrf-token
– developernator
Nov 9 at 7:20

Yeah cool, but <meta> tags should be placed within the <head>, not inside the <body>. I'm not sure HTML validator would like this.
– emix
Nov 9 at 7:20

I would say you are correct and that should be moved to the head.
– developernator
Nov 9 at 7:23

add a comment |

up vote
0
down vote

I also had a problem like this and I've discovered that the session files were locked for writing. So, I don't know if you are running your Laravel via stuff like vagrant or Docker, but I advise you to try to change the rights of the session directory (and files of course) (When you run Laravel in a VM you should change the rights locally and in the VM (like, when you share the files via NFS)

Like this:

chmod -R 777 storage/framework/sessions

chmod -R 777 storage/logs

I know, a 777 permission is the worst disaster that you can ever imagine. But they are handy for troubleshooting.

To be sure that I never forgot this I made a bash script. (Called it lalog, just because I wanted to clear the log files and set permissions)

Note: Make sure that you use this on the session directory. In config/session.php there is a files key declared with the location. In my case:

<?php

//...........

'files' => storage_path('framework/sessions'),

//...........

Location: /usr/bin/lalog (This is a file, not a directory)

Execute in shell as lalog

#!/bin/bash

rm -rf /home/username/Projects/x/storage/logs/laravel.log

echo "Laravel log removed"

touch /home/username/Projects/x/storage/logs/laravel.log

echo "Laravel log created"

chmod -R 777 /home/username/Projects/x/storage/

echo "CHMOD 777 on Storage dir"

Warning! This will allow write access for everyone, so be carefull with it!
Also, maybe there is some usefull information in the log file of Laravel. (be sure to look in that log file before running my bash script)

Also, I know that it's already mentioned. But, be totally sure that you always

Allow cookies in the browser, so the token can be set in the cookies

Check if you are using the @csrf in your blade file

The form should be something like this

<form method="POST" action="{{ route('login') }}">

@csrf

.......

</form>

edited Nov 9 at 12:40

answered Nov 9 at 7:39

Koen Hollander

88821429

add a comment |

up vote
0
down vote

You cannot do an empty return on Laravel 5.6 or greater. Laravel always expects a value to be returned. (I know from past experience).
This is mainly to do with how PHP 7 handles empty returns.

answered Nov 9 at 14:58

Jamie Ross

95110

add a comment |

up vote
0
down vote

You have added the CSRF field incorrectly. Instead of @csrf you should use csrf_field() like this:

<form method="POST" action="/foo" >

    {{ csrf_field() }}

    <input type="text" name="name"/><br/>

    <input type="submit" value="Add"/>

</form>

edited Nov 10 at 17:41

marcus.ramsden

2,1831828

answered Nov 10 at 13:41

Istiyak Amin

10112

No, 5.7 uses @csrf
– Don't Panic
Nov 11 at 11:05

add a comment |

up vote
0
down vote

There is no issue in the code. I have checked with the same code as you have written with new installation.

Form Code:

<form method="POST" action="/foo" >

    @csrf

    <input type="text" name="name"/><br/>

    <input type="submit" value="Add"/>

</form>

web.php file code:

Route::get('/', function () {

    return view('welcome');

});



Route::post('/foo', function () {

    echo 1;

    return;

});

The result after submitting the form is:
Output after submitting the form

If you clear your browser cache or try with other browser, I think it will fixed.

answered Nov 11 at 12:34

engrhussainahmad

1258

add a comment |

up vote
0
down vote

A quick bad approach is that go to apphttpmiddlewareverifycsrftoken.php and add the route in $except list. The post request will be ignord for CSRF Token verification.

protected $except = [

    //

    'doLogin.aspx',

    'create_coupon',

];

answered Nov 11 at 13:33

Qasim Ali

13412

add a comment |

up vote
0
down vote

Actually SCRF is a session based token.
Add your route in a route group and add a middleware which control the sessions.

web is a default middleware in laravel and it can controls the session requests.

Route::group(array('middleware' => ['web']), function () {

  Route::post('/foo', function () {

     echo 1;

     return;

  });

});

answered Nov 11 at 17:25

Zia

213

add a comment |

up vote
0
down vote

In default I didn't have this problem. So what I did is chmod -R 644 sessions
to replicate the problem.

enter image description here

Afterwards I gave permissions to sessions folder by chmod -R 755 sessions

now my project code works again.

enter image description here

Reason it happens is you store your cache on file with lack of writing
permissions.

The session configuration file is stored at config/session.php. Be
sure to review the options available to you in this file. By default,
Laravel is configured to use the file session driver, which will work
well for many applications. In production applications, you may
consider using the memcached or redis drivers for even faster session
performance.

Solutions:

1 - As I have fixed above you can give 755 permission to sessions folder.
2 - You can use another session driver configuration.

file - sessions are stored in storage/framework/sessions. cookie -
sessions are stored in secure, encrypted cookies. database - sessions
are stored in a relational database. memcached / redis - sessions are
stored in one of these fast, cache based stores. array - sessions are
stored in a PHP array and will not be persisted.

Bear in mind; If you want to use memcached/redis you need to have them installed on your server or your docker redis container must be running.

answered Nov 12 at 8:58

Anar Bayramov

4,22442542

add a comment |

up vote
0
down vote

Just to put it out there, i had the same problems. On my local homestead it would work as expected but after pushing it to the development server i got the session timeout message as well. Figuring its a environment issue i changed from apache to nginx and that miraculously made the problem go away.

answered Dec 7 at 17:21

Kees Hessels

3416

add a comment |

up vote
0
down vote

I use Laravel 5.7
I had the same problem and it was because the csrf token wasn't in the form, so adding

@csrf

fixed the problem

answered Dec 14 at 14:31

Karim Samir

693711

add a comment |

up vote
-1
down vote

I have had similar problem and I found a solution to that

if you are echo or print something from controller while return to view this problem will pop up.

so make sure that you are not using echo or print when your controller returns

answered Nov 29 at 5:52

lionshell

This doesn't really add anything to the existing answers.
– Haldo
Dec 15 at 2:32

add a comment |

up vote
-3
down vote

<form method="POST" action="{{ url('foo') }}" >



or 

composer update or composer install



or 

in your Http/Kernel.php comment this line (not recommended)

// AppHttpMiddlewareVerifyCsrfToken::class,

answered Nov 7 at 3:48

Hamelraj

2,1222828

3

CSRF tokens are a security feature. Disabling verification might make the error go away, but it leaves a vulnerability without solving the problem or helping you figure out what caused it
– Travis Britz
Nov 7 at 6:10

add a comment |

Your Answer

StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});

}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f52583886%2fpost-request-in-laravel-5-7-error-419-sorry-your-session-has-expired%23new-answer', 'question_page');
}
);

Post as a guest

Name

Required, but never shown

18 Answers
18

active

oldest

votes

18 Answers
18

active

oldest

votes

up vote
7
down vote

+25

Maybe you can try switching your session driver/software from your .env file, the supported drivers are given below

Supported Session drivers in Laravel 5.7 (Doc Link)

file - sessions are stored in storage/framework/sessions. cookie - sessions are stored in secure, encrypted cookies.

database - sessions are stored in a relational database.

memcached / redis - sessions are stored in one of these fast, cache based stores.

array - sessions are stored in a PHP array and will not be persisted.

If your form works after switching the session driver, then something wrong is with that particular driver, try to fix the error from there.

Possible error prone scenarios

Probably file-based sessions might not work because of the permission issues with the /storage directory (a quick googling will fetch you the solution)

In the case of the database driver, your DB connection might be wrong, or the sessions table might not exist or wrongly configured (the wrong configuration part was confirmed to be an issue as per the comment by @Junaid Qadir).

redis/memcached configuration is wrong or is being manipulated by some other piece of code in the system at the same time.

It might be a good idea to execute php artisan key:generate and generate a new app key which will in turn flush the session data.

Read more about why application keys are important

answered Nov 11 at 20:59

Shobi

2,64811228

1

Sometimes it's just that browsers, mainly Chrome won't put the Set-Cookie session value because it's malformed or non-standard. So Laravel won't find any existing session value from the HTTP request to compare to the received _token value from the FORM. Avoid using SESSION_DOMAIN=... with IP which Chrome and HTTP Cookie Specs consider as insecure.
– KeitelDOG
Dec 7 at 15:54

Yep, found chrome as the culprit many times.
– Shobi
Dec 7 at 19:41

add a comment |

up vote
7
down vote

+25

Maybe you can try switching your session driver/software from your .env file, the supported drivers are given below

Supported Session drivers in Laravel 5.7 (Doc Link)

file - sessions are stored in storage/framework/sessions. cookie - sessions are stored in secure, encrypted cookies.

database - sessions are stored in a relational database.

memcached / redis - sessions are stored in one of these fast, cache based stores.

array - sessions are stored in a PHP array and will not be persisted.

If your form works after switching the session driver, then something wrong is with that particular driver, try to fix the error from there.

Possible error prone scenarios

Probably file-based sessions might not work because of the permission issues with the /storage directory (a quick googling will fetch you the solution)

In the case of the database driver, your DB connection might be wrong, or the sessions table might not exist or wrongly configured (the wrong configuration part was confirmed to be an issue as per the comment by @Junaid Qadir).

redis/memcached configuration is wrong or is being manipulated by some other piece of code in the system at the same time.

It might be a good idea to execute php artisan key:generate and generate a new app key which will in turn flush the session data.

Read more about why application keys are important

answered Nov 11 at 20:59

Shobi

2,64811228

1

Sometimes it's just that browsers, mainly Chrome won't put the Set-Cookie session value because it's malformed or non-standard. So Laravel won't find any existing session value from the HTTP request to compare to the received _token value from the FORM. Avoid using SESSION_DOMAIN=... with IP which Chrome and HTTP Cookie Specs consider as insecure.
– KeitelDOG
Dec 7 at 15:54

Yep, found chrome as the culprit many times.
– Shobi
Dec 7 at 19:41

add a comment |

up vote
7
down vote

+25

up vote
7
down vote

+25

Maybe you can try switching your session driver/software from your .env file, the supported drivers are given below

Supported Session drivers in Laravel 5.7 (Doc Link)

file - sessions are stored in storage/framework/sessions. cookie - sessions are stored in secure, encrypted cookies.

database - sessions are stored in a relational database.

memcached / redis - sessions are stored in one of these fast, cache based stores.

array - sessions are stored in a PHP array and will not be persisted.

If your form works after switching the session driver, then something wrong is with that particular driver, try to fix the error from there.

Possible error prone scenarios

Probably file-based sessions might not work because of the permission issues with the /storage directory (a quick googling will fetch you the solution)

In the case of the database driver, your DB connection might be wrong, or the sessions table might not exist or wrongly configured (the wrong configuration part was confirmed to be an issue as per the comment by @Junaid Qadir).

redis/memcached configuration is wrong or is being manipulated by some other piece of code in the system at the same time.

It might be a good idea to execute php artisan key:generate and generate a new app key which will in turn flush the session data.

Read more about why application keys are important

answered Nov 11 at 20:59

Shobi

2,64811228

Maybe you can try switching your session driver/software from your .env file, the supported drivers are given below

Supported Session drivers in Laravel 5.7 (Doc Link)

file - sessions are stored in storage/framework/sessions. cookie - sessions are stored in secure, encrypted cookies.

database - sessions are stored in a relational database.

memcached / redis - sessions are stored in one of these fast, cache based stores.

array - sessions are stored in a PHP array and will not be persisted.

If your form works after switching the session driver, then something wrong is with that particular driver, try to fix the error from there.

Possible error prone scenarios

Probably file-based sessions might not work because of the permission issues with the /storage directory (a quick googling will fetch you the solution)

In the case of the database driver, your DB connection might be wrong, or the sessions table might not exist or wrongly configured (the wrong configuration part was confirmed to be an issue as per the comment by @Junaid Qadir).

redis/memcached configuration is wrong or is being manipulated by some other piece of code in the system at the same time.

It might be a good idea to execute php artisan key:generate and generate a new app key which will in turn flush the session data.

Read more about why application keys are important

answered Nov 11 at 20:59

Shobi

2,64811228

answered Nov 11 at 20:59

Shobi

2,64811228

answered Nov 11 at 20:59

Shobi

2,64811228

answered Nov 11 at 20:59

Shobi

2,64811228

1

Sometimes it's just that browsers, mainly Chrome won't put the Set-Cookie session value because it's malformed or non-standard. So Laravel won't find any existing session value from the HTTP request to compare to the received _token value from the FORM. Avoid using SESSION_DOMAIN=... with IP which Chrome and HTTP Cookie Specs consider as insecure.
– KeitelDOG
Dec 7 at 15:54

Yep, found chrome as the culprit many times.
– Shobi
Dec 7 at 19:41

add a comment |

1

Sometimes it's just that browsers, mainly Chrome won't put the Set-Cookie session value because it's malformed or non-standard. So Laravel won't find any existing session value from the HTTP request to compare to the received _token value from the FORM. Avoid using SESSION_DOMAIN=... with IP which Chrome and HTTP Cookie Specs consider as insecure.
– KeitelDOG
Dec 7 at 15:54

Yep, found chrome as the culprit many times.
– Shobi
Dec 7 at 19:41

Sometimes it's just that browsers, mainly Chrome won't put the Set-Cookie session value because it's malformed or non-standard. So Laravel won't find any existing session value from the HTTP request to compare to the received _token value from the FORM. Avoid using SESSION_DOMAIN=... with IP which Chrome and HTTP Cookie Specs consider as insecure.
– KeitelDOG
Dec 7 at 15:54

Yep, found chrome as the culprit many times.
– Shobi
Dec 7 at 19:41

add a comment |

up vote
2
down vote

This is because the form requires a csrf. In version 5.7, they changed it to @csrf

<form action="" method="post">

    @csrf

    ...

Referene:
https://laravel.com/docs/5.7/csrf

answered Oct 10 at 3:01

David

472

3

His form includes a csrf token. Not sure if he edited it later or not.
– eResourcesInc
Oct 10 at 3:30

yeah, his form originally has a csrf field, I just looked into the edit history
– Dexter Bengil
Nov 7 at 9:39

add a comment |

up vote
2
down vote

This is because the form requires a csrf. In version 5.7, they changed it to @csrf

<form action="" method="post">

    @csrf

    ...

Referene:
https://laravel.com/docs/5.7/csrf

answered Oct 10 at 3:01

David

472

3

His form includes a csrf token. Not sure if he edited it later or not.
– eResourcesInc
Oct 10 at 3:30

yeah, his form originally has a csrf field, I just looked into the edit history
– Dexter Bengil
Nov 7 at 9:39

add a comment |

up vote
2
down vote

This is because the form requires a csrf. In version 5.7, they changed it to @csrf

<form action="" method="post">

    @csrf

    ...

Referene:
https://laravel.com/docs/5.7/csrf

answered Oct 10 at 3:01

David

472

This is because the form requires a csrf. In version 5.7, they changed it to @csrf

<form action="" method="post">

    @csrf

    ...

Referene:
https://laravel.com/docs/5.7/csrf

answered Oct 10 at 3:01

David

472

answered Oct 10 at 3:01

David

472

answered Oct 10 at 3:01

David

472

answered Oct 10 at 3:01

David

472

3

His form includes a csrf token. Not sure if he edited it later or not.
– eResourcesInc
Oct 10 at 3:30

yeah, his form originally has a csrf field, I just looked into the edit history
– Dexter Bengil
Nov 7 at 9:39

add a comment |

3

His form includes a csrf token. Not sure if he edited it later or not.
– eResourcesInc
Oct 10 at 3:30

yeah, his form originally has a csrf field, I just looked into the edit history
– Dexter Bengil
Nov 7 at 9:39

His form includes a csrf token. Not sure if he edited it later or not.
– eResourcesInc
Oct 10 at 3:30

yeah, his form originally has a csrf field, I just looked into the edit history
– Dexter Bengil
Nov 7 at 9:39

add a comment |

up vote
2
down vote

How about using

{{ csrf_field() }} instead of @csrf

419 error is mostly because of csrf token issues.

edited Nov 6 at 12:25

answered Nov 5 at 12:05

Bonish Koirala

4138

You mean {{ csrf_field() }}?
– Travis Britz
Nov 6 at 11:45

yeah thanks for the reminder
– Bonish Koirala
Nov 6 at 12:25

5.7 uses @csrf
– Don't Panic
Nov 11 at 11:05

{{ csrf_field() }} worked for me
– Kiran Reddy
Dec 5 at 4:45

add a comment |

up vote
2
down vote

How about using

{{ csrf_field() }} instead of @csrf

419 error is mostly because of csrf token issues.

edited Nov 6 at 12:25

answered Nov 5 at 12:05

Bonish Koirala

4138

You mean {{ csrf_field() }}?
– Travis Britz
Nov 6 at 11:45

yeah thanks for the reminder
– Bonish Koirala
Nov 6 at 12:25

5.7 uses @csrf
– Don't Panic
Nov 11 at 11:05

{{ csrf_field() }} worked for me
– Kiran Reddy
Dec 5 at 4:45

add a comment |

up vote
2
down vote

How about using

{{ csrf_field() }} instead of @csrf

419 error is mostly because of csrf token issues.

edited Nov 6 at 12:25

answered Nov 5 at 12:05

Bonish Koirala

4138

How about using

{{ csrf_field() }} instead of @csrf

419 error is mostly because of csrf token issues.

edited Nov 6 at 12:25

answered Nov 5 at 12:05

Bonish Koirala

4138

edited Nov 6 at 12:25

answered Nov 5 at 12:05

Bonish Koirala

4138

answered Nov 5 at 12:05

Bonish Koirala

4138

answered Nov 5 at 12:05

Bonish Koirala

4138

You mean {{ csrf_field() }}?
– Travis Britz
Nov 6 at 11:45

yeah thanks for the reminder
– Bonish Koirala
Nov 6 at 12:25

5.7 uses @csrf
– Don't Panic
Nov 11 at 11:05

{{ csrf_field() }} worked for me
– Kiran Reddy
Dec 5 at 4:45

add a comment |

You mean {{ csrf_field() }}?
– Travis Britz
Nov 6 at 11:45

yeah thanks for the reminder
– Bonish Koirala
Nov 6 at 12:25

5.7 uses @csrf
– Don't Panic
Nov 11 at 11:05

{{ csrf_field() }} worked for me
– Kiran Reddy
Dec 5 at 4:45

You mean {{ csrf_field() }}?
– Travis Britz
Nov 6 at 11:45

yeah thanks for the reminder
– Bonish Koirala
Nov 6 at 12:25

5.7 uses @csrf
– Don't Panic
Nov 11 at 11:05

{{ csrf_field() }} worked for me
– Kiran Reddy
Dec 5 at 4:45

add a comment |

up vote
1
down vote

Previously I tried:

Clear cache

Generate new app key

Run my app in various Browsers (Chrome 70, Mozilla Firefox 57, and IE 11)

Run my app in another computer

Comment out AppHttpMiddlewareVerifyCsrfToken::class in appHttpKernel.php

Comment out IlluminateSessionMiddlewareAuthenticateSession::class in appHttpKernel.php

Upgrade and downgrade Laravel (between 5.6 and 5.7)

But none of these above worked for me.

answered Dec 3 at 4:10

Prasna Lukito

113

add a comment |

up vote
1
down vote

Previously I tried:

Clear cache

Generate new app key

Run my app in various Browsers (Chrome 70, Mozilla Firefox 57, and IE 11)

Run my app in another computer

Comment out AppHttpMiddlewareVerifyCsrfToken::class in appHttpKernel.php

Comment out IlluminateSessionMiddlewareAuthenticateSession::class in appHttpKernel.php

Upgrade and downgrade Laravel (between 5.6 and 5.7)

But none of these above worked for me.

answered Dec 3 at 4:10

Prasna Lukito

113

add a comment |

up vote
1
down vote

Previously I tried:

Clear cache

Generate new app key

Run my app in various Browsers (Chrome 70, Mozilla Firefox 57, and IE 11)

Run my app in another computer

Comment out AppHttpMiddlewareVerifyCsrfToken::class in appHttpKernel.php

Comment out IlluminateSessionMiddlewareAuthenticateSession::class in appHttpKernel.php

Upgrade and downgrade Laravel (between 5.6 and 5.7)

But none of these above worked for me.

answered Dec 3 at 4:10

Prasna Lukito

113

Previously I tried:

Clear cache

Generate new app key

Run my app in various Browsers (Chrome 70, Mozilla Firefox 57, and IE 11)

Run my app in another computer

Comment out AppHttpMiddlewareVerifyCsrfToken::class in appHttpKernel.php

Comment out IlluminateSessionMiddlewareAuthenticateSession::class in appHttpKernel.php

Upgrade and downgrade Laravel (between 5.6 and 5.7)

But none of these above worked for me.

answered Dec 3 at 4:10

Prasna Lukito

113

answered Dec 3 at 4:10

Prasna Lukito

113

answered Dec 3 at 4:10

Prasna Lukito

113

answered Dec 3 at 4:10

Prasna Lukito

113

add a comment |

up vote
0
down vote

I hope this helps someone from a few hours of head scratching!

Disabled form inputs do not appear in the request

answered Oct 14 at 19:38

Splodge

add a comment |

up vote
0
down vote

I hope this helps someone from a few hours of head scratching!

Disabled form inputs do not appear in the request

answered Oct 14 at 19:38

Splodge

add a comment |

up vote
0
down vote

I hope this helps someone from a few hours of head scratching!

Disabled form inputs do not appear in the request

answered Oct 14 at 19:38

Splodge

I hope this helps someone from a few hours of head scratching!

Disabled form inputs do not appear in the request

answered Oct 14 at 19:38

Splodge

answered Oct 14 at 19:38

Splodge

answered Oct 14 at 19:38

Splodge

answered Oct 14 at 19:38

Splodge

add a comment |

up vote
0
down vote

In your Http/Kernel.php

try to comment this line :

IlluminateSessionMiddlewareAuthenticateSession::class,

in your web middleware array

it might be the root of your issue

answered Nov 6 at 12:11

Mathieu Ferre

1,264322

add a comment |

up vote
0
down vote

In your Http/Kernel.php

try to comment this line :

IlluminateSessionMiddlewareAuthenticateSession::class,

in your web middleware array

it might be the root of your issue

answered Nov 6 at 12:11

Mathieu Ferre

1,264322

add a comment |

up vote
0
down vote

In your Http/Kernel.php

try to comment this line :

IlluminateSessionMiddlewareAuthenticateSession::class,

in your web middleware array

it might be the root of your issue

answered Nov 6 at 12:11

Mathieu Ferre

1,264322

In your Http/Kernel.php

try to comment this line :

IlluminateSessionMiddlewareAuthenticateSession::class,

in your web middleware array

it might be the root of your issue

answered Nov 6 at 12:11

Mathieu Ferre

1,264322

answered Nov 6 at 12:11

Mathieu Ferre

1,264322

answered Nov 6 at 12:11

Mathieu Ferre

1,264322

answered Nov 6 at 12:11

Mathieu Ferre

1,264322

add a comment |

up vote
0
down vote

It may be overkill but you can try this:

// Form calling named route with hidden token field added.

<form method="POST" action="{{ route('foo') }}" >

    @csrf

    <input type="hidden" name="_token" value="{!! csrf_token() !!}">

    <input type="text" name="name"/><br/>

    <input type="submit" value="Add"/>

</form>

// Named Route

Route::post('/foo', function () {

    return 'bar';

})->name('foo');

// Add this within the <head></head> block:

<meta name="_token" content="{!! csrf_token() !!}" />

I did test it on my local using Homestead on Laravel 5.7 which was was fresh install using Laravel Installer 2.0.1 and it worked. What is your environment?

edited Nov 9 at 7:42

answered Nov 9 at 7:13

developernator

2,41611220

<meta> tag in the form? What kind of magic is that.
– emix
Nov 9 at 7:18

laravel.com/docs/5.7/csrf#csrf-x-csrf-token
– developernator
Nov 9 at 7:20

Yeah cool, but <meta> tags should be placed within the <head>, not inside the <body>. I'm not sure HTML validator would like this.
– emix
Nov 9 at 7:20

I would say you are correct and that should be moved to the head.
– developernator
Nov 9 at 7:23

add a comment |

up vote
0
down vote

It may be overkill but you can try this:

// Form calling named route with hidden token field added.

<form method="POST" action="{{ route('foo') }}" >

    @csrf

    <input type="hidden" name="_token" value="{!! csrf_token() !!}">

    <input type="text" name="name"/><br/>

    <input type="submit" value="Add"/>

</form>

// Named Route

Route::post('/foo', function () {

    return 'bar';

})->name('foo');

// Add this within the <head></head> block:

<meta name="_token" content="{!! csrf_token() !!}" />

I did test it on my local using Homestead on Laravel 5.7 which was was fresh install using Laravel Installer 2.0.1 and it worked. What is your environment?

edited Nov 9 at 7:42

answered Nov 9 at 7:13

developernator

2,41611220

<meta> tag in the form? What kind of magic is that.
– emix
Nov 9 at 7:18

laravel.com/docs/5.7/csrf#csrf-x-csrf-token
– developernator
Nov 9 at 7:20

Yeah cool, but <meta> tags should be placed within the <head>, not inside the <body>. I'm not sure HTML validator would like this.
– emix
Nov 9 at 7:20

I would say you are correct and that should be moved to the head.
– developernator
Nov 9 at 7:23

add a comment |

up vote
0
down vote

It may be overkill but you can try this:

// Form calling named route with hidden token field added.

<form method="POST" action="{{ route('foo') }}" >

    @csrf

    <input type="hidden" name="_token" value="{!! csrf_token() !!}">

    <input type="text" name="name"/><br/>

    <input type="submit" value="Add"/>

</form>

// Named Route

Route::post('/foo', function () {

    return 'bar';

})->name('foo');

// Add this within the <head></head> block:

<meta name="_token" content="{!! csrf_token() !!}" />

I did test it on my local using Homestead on Laravel 5.7 which was was fresh install using Laravel Installer 2.0.1 and it worked. What is your environment?

edited Nov 9 at 7:42

answered Nov 9 at 7:13

developernator

2,41611220

It may be overkill but you can try this:

// Form calling named route with hidden token field added.

<form method="POST" action="{{ route('foo') }}" >

    @csrf

    <input type="hidden" name="_token" value="{!! csrf_token() !!}">

    <input type="text" name="name"/><br/>

    <input type="submit" value="Add"/>

</form>

// Named Route

Route::post('/foo', function () {

    return 'bar';

})->name('foo');

// Add this within the <head></head> block:

<meta name="_token" content="{!! csrf_token() !!}" />

I did test it on my local using Homestead on Laravel 5.7 which was was fresh install using Laravel Installer 2.0.1 and it worked. What is your environment?

edited Nov 9 at 7:42

answered Nov 9 at 7:13

developernator

2,41611220

edited Nov 9 at 7:42

answered Nov 9 at 7:13

developernator

2,41611220

answered Nov 9 at 7:13

developernator

2,41611220

answered Nov 9 at 7:13

developernator

2,41611220

<meta> tag in the form? What kind of magic is that.
– emix
Nov 9 at 7:18

laravel.com/docs/5.7/csrf#csrf-x-csrf-token
– developernator
Nov 9 at 7:20

Yeah cool, but <meta> tags should be placed within the <head>, not inside the <body>. I'm not sure HTML validator would like this.
– emix
Nov 9 at 7:20

I would say you are correct and that should be moved to the head.
– developernator
Nov 9 at 7:23

add a comment |

<meta> tag in the form? What kind of magic is that.
– emix
Nov 9 at 7:18

laravel.com/docs/5.7/csrf#csrf-x-csrf-token
– developernator
Nov 9 at 7:20

Yeah cool, but <meta> tags should be placed within the <head>, not inside the <body>. I'm not sure HTML validator would like this.
– emix
Nov 9 at 7:20

I would say you are correct and that should be moved to the head.
– developernator
Nov 9 at 7:23

<meta> tag in the form? What kind of magic is that.
– emix
Nov 9 at 7:18

laravel.com/docs/5.7/csrf#csrf-x-csrf-token
– developernator
Nov 9 at 7:20

Yeah cool, but <meta> tags should be placed within the <head>, not inside the <body>. I'm not sure HTML validator would like this.
– emix
Nov 9 at 7:20

I would say you are correct and that should be moved to the head.
– developernator
Nov 9 at 7:23

add a comment |

up vote
0
down vote

Like this:

chmod -R 777 storage/framework/sessions

chmod -R 777 storage/logs

I know, a 777 permission is the worst disaster that you can ever imagine. But they are handy for troubleshooting.

To be sure that I never forgot this I made a bash script. (Called it lalog, just because I wanted to clear the log files and set permissions)

Note: Make sure that you use this on the session directory. In config/session.php there is a files key declared with the location. In my case:

<?php

//...........

'files' => storage_path('framework/sessions'),

//...........

Location: /usr/bin/lalog (This is a file, not a directory)

Execute in shell as lalog

#!/bin/bash

rm -rf /home/username/Projects/x/storage/logs/laravel.log

echo "Laravel log removed"

touch /home/username/Projects/x/storage/logs/laravel.log

echo "Laravel log created"

chmod -R 777 /home/username/Projects/x/storage/

echo "CHMOD 777 on Storage dir"

Also, I know that it's already mentioned. But, be totally sure that you always

Allow cookies in the browser, so the token can be set in the cookies

Check if you are using the @csrf in your blade file

The form should be something like this

<form method="POST" action="{{ route('login') }}">

@csrf

.......

</form>

edited Nov 9 at 12:40

answered Nov 9 at 7:39

Koen Hollander

88821429

add a comment |

up vote
0
down vote

Like this:

chmod -R 777 storage/framework/sessions

chmod -R 777 storage/logs

I know, a 777 permission is the worst disaster that you can ever imagine. But they are handy for troubleshooting.

To be sure that I never forgot this I made a bash script. (Called it lalog, just because I wanted to clear the log files and set permissions)

Note: Make sure that you use this on the session directory. In config/session.php there is a files key declared with the location. In my case:

<?php

//...........

'files' => storage_path('framework/sessions'),

//...........

Location: /usr/bin/lalog (This is a file, not a directory)

Execute in shell as lalog

#!/bin/bash

rm -rf /home/username/Projects/x/storage/logs/laravel.log

echo "Laravel log removed"

touch /home/username/Projects/x/storage/logs/laravel.log

echo "Laravel log created"

chmod -R 777 /home/username/Projects/x/storage/

echo "CHMOD 777 on Storage dir"

Also, I know that it's already mentioned. But, be totally sure that you always

Allow cookies in the browser, so the token can be set in the cookies

Check if you are using the @csrf in your blade file

The form should be something like this

<form method="POST" action="{{ route('login') }}">

@csrf

.......

</form>

edited Nov 9 at 12:40

answered Nov 9 at 7:39

Koen Hollander

88821429

add a comment |

up vote
0
down vote

Like this:

chmod -R 777 storage/framework/sessions

chmod -R 777 storage/logs

I know, a 777 permission is the worst disaster that you can ever imagine. But they are handy for troubleshooting.

To be sure that I never forgot this I made a bash script. (Called it lalog, just because I wanted to clear the log files and set permissions)

Note: Make sure that you use this on the session directory. In config/session.php there is a files key declared with the location. In my case:

<?php

//...........

'files' => storage_path('framework/sessions'),

//...........

Location: /usr/bin/lalog (This is a file, not a directory)

Execute in shell as lalog

#!/bin/bash

rm -rf /home/username/Projects/x/storage/logs/laravel.log

echo "Laravel log removed"

touch /home/username/Projects/x/storage/logs/laravel.log

echo "Laravel log created"

chmod -R 777 /home/username/Projects/x/storage/

echo "CHMOD 777 on Storage dir"

Also, I know that it's already mentioned. But, be totally sure that you always

Allow cookies in the browser, so the token can be set in the cookies

Check if you are using the @csrf in your blade file

The form should be something like this

<form method="POST" action="{{ route('login') }}">

@csrf

.......

</form>

edited Nov 9 at 12:40

answered Nov 9 at 7:39

Koen Hollander

88821429

Like this:

chmod -R 777 storage/framework/sessions

chmod -R 777 storage/logs

I know, a 777 permission is the worst disaster that you can ever imagine. But they are handy for troubleshooting.

To be sure that I never forgot this I made a bash script. (Called it lalog, just because I wanted to clear the log files and set permissions)

Note: Make sure that you use this on the session directory. In config/session.php there is a files key declared with the location. In my case:

<?php

//...........

'files' => storage_path('framework/sessions'),

//...........

Location: /usr/bin/lalog (This is a file, not a directory)

Execute in shell as lalog

#!/bin/bash

rm -rf /home/username/Projects/x/storage/logs/laravel.log

echo "Laravel log removed"

touch /home/username/Projects/x/storage/logs/laravel.log

echo "Laravel log created"

chmod -R 777 /home/username/Projects/x/storage/

echo "CHMOD 777 on Storage dir"

Also, I know that it's already mentioned. But, be totally sure that you always

Allow cookies in the browser, so the token can be set in the cookies

Check if you are using the @csrf in your blade file

The form should be something like this

<form method="POST" action="{{ route('login') }}">

@csrf

.......

</form>

edited Nov 9 at 12:40

answered Nov 9 at 7:39

Koen Hollander

88821429

edited Nov 9 at 12:40

answered Nov 9 at 7:39

Koen Hollander

88821429

answered Nov 9 at 7:39

Koen Hollander

88821429

answered Nov 9 at 7:39

Koen Hollander

88821429

add a comment |

up vote
0
down vote

You cannot do an empty return on Laravel 5.6 or greater. Laravel always expects a value to be returned. (I know from past experience).
This is mainly to do with how PHP 7 handles empty returns.

answered Nov 9 at 14:58

Jamie Ross

95110

add a comment |

up vote
0
down vote

You cannot do an empty return on Laravel 5.6 or greater. Laravel always expects a value to be returned. (I know from past experience).
This is mainly to do with how PHP 7 handles empty returns.

answered Nov 9 at 14:58

Jamie Ross

95110

add a comment |

up vote
0
down vote

You cannot do an empty return on Laravel 5.6 or greater. Laravel always expects a value to be returned. (I know from past experience).
This is mainly to do with how PHP 7 handles empty returns.

answered Nov 9 at 14:58

Jamie Ross

95110

You cannot do an empty return on Laravel 5.6 or greater. Laravel always expects a value to be returned. (I know from past experience).
This is mainly to do with how PHP 7 handles empty returns.

answered Nov 9 at 14:58

Jamie Ross

95110

answered Nov 9 at 14:58

Jamie Ross

95110

answered Nov 9 at 14:58

Jamie Ross

95110

answered Nov 9 at 14:58

Jamie Ross

95110

add a comment |

up vote
0
down vote

You have added the CSRF field incorrectly. Instead of @csrf you should use csrf_field() like this:

<form method="POST" action="/foo" >

    {{ csrf_field() }}

    <input type="text" name="name"/><br/>

    <input type="submit" value="Add"/>

</form>

edited Nov 10 at 17:41

marcus.ramsden

2,1831828

answered Nov 10 at 13:41

Istiyak Amin

10112

No, 5.7 uses @csrf
– Don't Panic
Nov 11 at 11:05

add a comment |

up vote
0
down vote

You have added the CSRF field incorrectly. Instead of @csrf you should use csrf_field() like this:

<form method="POST" action="/foo" >

    {{ csrf_field() }}

    <input type="text" name="name"/><br/>

    <input type="submit" value="Add"/>

</form>

edited Nov 10 at 17:41

marcus.ramsden

2,1831828

answered Nov 10 at 13:41

Istiyak Amin

10112

No, 5.7 uses @csrf
– Don't Panic
Nov 11 at 11:05

add a comment |

up vote
0
down vote

You have added the CSRF field incorrectly. Instead of @csrf you should use csrf_field() like this:

<form method="POST" action="/foo" >

    {{ csrf_field() }}

    <input type="text" name="name"/><br/>

    <input type="submit" value="Add"/>

</form>

edited Nov 10 at 17:41

marcus.ramsden

2,1831828

answered Nov 10 at 13:41

Istiyak Amin

10112

You have added the CSRF field incorrectly. Instead of @csrf you should use csrf_field() like this:

<form method="POST" action="/foo" >

    {{ csrf_field() }}

    <input type="text" name="name"/><br/>

    <input type="submit" value="Add"/>

</form>

edited Nov 10 at 17:41

marcus.ramsden

2,1831828

answered Nov 10 at 13:41

Istiyak Amin

10112

edited Nov 10 at 17:41

marcus.ramsden

2,1831828

edited Nov 10 at 17:41

marcus.ramsden

2,1831828

edited Nov 10 at 17:41

marcus.ramsden

2,1831828

answered Nov 10 at 13:41

Istiyak Amin

10112

answered Nov 10 at 13:41

Istiyak Amin

10112

answered Nov 10 at 13:41

Istiyak Amin

10112

No, 5.7 uses @csrf
– Don't Panic
Nov 11 at 11:05

add a comment |

No, 5.7 uses @csrf
– Don't Panic
Nov 11 at 11:05

No, 5.7 uses @csrf
– Don't Panic
Nov 11 at 11:05

add a comment |

up vote
0
down vote

There is no issue in the code. I have checked with the same code as you have written with new installation.

Form Code:

<form method="POST" action="/foo" >

    @csrf

    <input type="text" name="name"/><br/>

    <input type="submit" value="Add"/>

</form>

web.php file code:

Route::get('/', function () {

    return view('welcome');

});



Route::post('/foo', function () {

    echo 1;

    return;

});

The result after submitting the form is:
Output after submitting the form

If you clear your browser cache or try with other browser, I think it will fixed.

answered Nov 11 at 12:34

engrhussainahmad

1258

add a comment |

up vote
0
down vote

There is no issue in the code. I have checked with the same code as you have written with new installation.

Form Code:

<form method="POST" action="/foo" >

    @csrf

    <input type="text" name="name"/><br/>

    <input type="submit" value="Add"/>

</form>

web.php file code:

Route::get('/', function () {

    return view('welcome');

});



Route::post('/foo', function () {

    echo 1;

    return;

});

The result after submitting the form is:
Output after submitting the form

If you clear your browser cache or try with other browser, I think it will fixed.

answered Nov 11 at 12:34

engrhussainahmad

1258

add a comment |

up vote
0
down vote

There is no issue in the code. I have checked with the same code as you have written with new installation.

Form Code:

<form method="POST" action="/foo" >

    @csrf

    <input type="text" name="name"/><br/>

    <input type="submit" value="Add"/>

</form>

web.php file code:

Route::get('/', function () {

    return view('welcome');

});



Route::post('/foo', function () {

    echo 1;

    return;

});

The result after submitting the form is:
Output after submitting the form

If you clear your browser cache or try with other browser, I think it will fixed.

answered Nov 11 at 12:34

engrhussainahmad

1258

There is no issue in the code. I have checked with the same code as you have written with new installation.

Form Code:

<form method="POST" action="/foo" >

    @csrf

    <input type="text" name="name"/><br/>

    <input type="submit" value="Add"/>

</form>

web.php file code:

Route::get('/', function () {

    return view('welcome');

});



Route::post('/foo', function () {

    echo 1;

    return;

});

The result after submitting the form is:
Output after submitting the form

If you clear your browser cache or try with other browser, I think it will fixed.

answered Nov 11 at 12:34

engrhussainahmad

1258

answered Nov 11 at 12:34

engrhussainahmad

1258

answered Nov 11 at 12:34

engrhussainahmad

1258

answered Nov 11 at 12:34

engrhussainahmad

1258

add a comment |

up vote
0
down vote

A quick bad approach is that go to apphttpmiddlewareverifycsrftoken.php and add the route in $except list. The post request will be ignord for CSRF Token verification.

protected $except = [

    //

    'doLogin.aspx',

    'create_coupon',

];

answered Nov 11 at 13:33

Qasim Ali

13412

add a comment |

up vote
0
down vote

A quick bad approach is that go to apphttpmiddlewareverifycsrftoken.php and add the route in $except list. The post request will be ignord for CSRF Token verification.

protected $except = [

    //

    'doLogin.aspx',

    'create_coupon',

];

answered Nov 11 at 13:33

Qasim Ali

13412

add a comment |

up vote
0
down vote

A quick bad approach is that go to apphttpmiddlewareverifycsrftoken.php and add the route in $except list. The post request will be ignord for CSRF Token verification.

protected $except = [

    //

    'doLogin.aspx',

    'create_coupon',

];

answered Nov 11 at 13:33

Qasim Ali

13412

A quick bad approach is that go to apphttpmiddlewareverifycsrftoken.php and add the route in $except list. The post request will be ignord for CSRF Token verification.

protected $except = [

    //

    'doLogin.aspx',

    'create_coupon',

];

answered Nov 11 at 13:33

Qasim Ali

13412

answered Nov 11 at 13:33

Qasim Ali

13412

answered Nov 11 at 13:33

Qasim Ali

13412

answered Nov 11 at 13:33

Qasim Ali

13412

add a comment |

up vote
0
down vote

Actually SCRF is a session based token.
Add your route in a route group and add a middleware which control the sessions.

web is a default middleware in laravel and it can controls the session requests.

Route::group(array('middleware' => ['web']), function () {

  Route::post('/foo', function () {

     echo 1;

     return;

  });

});

answered Nov 11 at 17:25

Zia

213

add a comment |

up vote
0
down vote

Actually SCRF is a session based token.
Add your route in a route group and add a middleware which control the sessions.

web is a default middleware in laravel and it can controls the session requests.

Route::group(array('middleware' => ['web']), function () {

  Route::post('/foo', function () {

     echo 1;

     return;

  });

});

answered Nov 11 at 17:25

Zia

213

add a comment |

up vote
0
down vote

Actually SCRF is a session based token.
Add your route in a route group and add a middleware which control the sessions.

web is a default middleware in laravel and it can controls the session requests.

Route::group(array('middleware' => ['web']), function () {

  Route::post('/foo', function () {

     echo 1;

     return;

  });

});

answered Nov 11 at 17:25

Zia

213

Actually SCRF is a session based token.
Add your route in a route group and add a middleware which control the sessions.

web is a default middleware in laravel and it can controls the session requests.

Route::group(array('middleware' => ['web']), function () {

  Route::post('/foo', function () {

     echo 1;

     return;

  });

});

answered Nov 11 at 17:25

Zia

213

answered Nov 11 at 17:25

Zia

213

answered Nov 11 at 17:25

Zia

213

answered Nov 11 at 17:25

Zia

213

add a comment |

up vote
0
down vote

In default I didn't have this problem. So what I did is chmod -R 644 sessions
to replicate the problem.

enter image description here

Afterwards I gave permissions to sessions folder by chmod -R 755 sessions

now my project code works again.

enter image description here

Reason it happens is you store your cache on file with lack of writing
permissions.

The session configuration file is stored at config/session.php. Be
sure to review the options available to you in this file. By default,
Laravel is configured to use the file session driver, which will work
well for many applications. In production applications, you may
consider using the memcached or redis drivers for even faster session
performance.

Solutions:

1 - As I have fixed above you can give 755 permission to sessions folder.
2 - You can use another session driver configuration.

file - sessions are stored in storage/framework/sessions. cookie -
sessions are stored in secure, encrypted cookies. database - sessions
are stored in a relational database. memcached / redis - sessions are
stored in one of these fast, cache based stores. array - sessions are
stored in a PHP array and will not be persisted.

Bear in mind; If you want to use memcached/redis you need to have them installed on your server or your docker redis container must be running.

answered Nov 12 at 8:58

Anar Bayramov

4,22442542

add a comment |

up vote
0
down vote

In default I didn't have this problem. So what I did is chmod -R 644 sessions
to replicate the problem.

enter image description here

Afterwards I gave permissions to sessions folder by chmod -R 755 sessions

now my project code works again.

enter image description here

Reason it happens is you store your cache on file with lack of writing
permissions.

The session configuration file is stored at config/session.php. Be
sure to review the options available to you in this file. By default,
Laravel is configured to use the file session driver, which will work
well for many applications. In production applications, you may
consider using the memcached or redis drivers for even faster session
performance.

Solutions:

1 - As I have fixed above you can give 755 permission to sessions folder.
2 - You can use another session driver configuration.

file - sessions are stored in storage/framework/sessions. cookie -
sessions are stored in secure, encrypted cookies. database - sessions
are stored in a relational database. memcached / redis - sessions are
stored in one of these fast, cache based stores. array - sessions are
stored in a PHP array and will not be persisted.

Bear in mind; If you want to use memcached/redis you need to have them installed on your server or your docker redis container must be running.

answered Nov 12 at 8:58

Anar Bayramov

4,22442542

add a comment |

up vote
0
down vote

In default I didn't have this problem. So what I did is chmod -R 644 sessions
to replicate the problem.

enter image description here

Afterwards I gave permissions to sessions folder by chmod -R 755 sessions

now my project code works again.

enter image description here

Reason it happens is you store your cache on file with lack of writing
permissions.

The session configuration file is stored at config/session.php. Be
sure to review the options available to you in this file. By default,
Laravel is configured to use the file session driver, which will work
well for many applications. In production applications, you may
consider using the memcached or redis drivers for even faster session
performance.

Solutions:

1 - As I have fixed above you can give 755 permission to sessions folder.
2 - You can use another session driver configuration.

file - sessions are stored in storage/framework/sessions. cookie -
sessions are stored in secure, encrypted cookies. database - sessions
are stored in a relational database. memcached / redis - sessions are
stored in one of these fast, cache based stores. array - sessions are
stored in a PHP array and will not be persisted.

Bear in mind; If you want to use memcached/redis you need to have them installed on your server or your docker redis container must be running.

answered Nov 12 at 8:58

Anar Bayramov

4,22442542

In default I didn't have this problem. So what I did is chmod -R 644 sessions
to replicate the problem.

enter image description here

Afterwards I gave permissions to sessions folder by chmod -R 755 sessions

now my project code works again.

enter image description here

Reason it happens is you store your cache on file with lack of writing
permissions.

The session configuration file is stored at config/session.php. Be
sure to review the options available to you in this file. By default,
Laravel is configured to use the file session driver, which will work
well for many applications. In production applications, you may
consider using the memcached or redis drivers for even faster session
performance.

Solutions:

1 - As I have fixed above you can give 755 permission to sessions folder.
2 - You can use another session driver configuration.

file - sessions are stored in storage/framework/sessions. cookie -
sessions are stored in secure, encrypted cookies. database - sessions
are stored in a relational database. memcached / redis - sessions are
stored in one of these fast, cache based stores. array - sessions are
stored in a PHP array and will not be persisted.

Bear in mind; If you want to use memcached/redis you need to have them installed on your server or your docker redis container must be running.

answered Nov 12 at 8:58

Anar Bayramov

4,22442542

answered Nov 12 at 8:58

Anar Bayramov

4,22442542

answered Nov 12 at 8:58

Anar Bayramov

4,22442542

answered Nov 12 at 8:58

Anar Bayramov

4,22442542

add a comment |

up vote
0
down vote

answered Dec 7 at 17:21

Kees Hessels

3416

add a comment |

up vote
0
down vote

answered Dec 7 at 17:21

Kees Hessels

3416

add a comment |

up vote
0
down vote

answered Dec 7 at 17:21

Kees Hessels

3416

answered Dec 7 at 17:21

Kees Hessels

3416

answered Dec 7 at 17:21

Kees Hessels

3416

answered Dec 7 at 17:21

Kees Hessels

3416

answered Dec 7 at 17:21

Kees Hessels

3416

add a comment |

up vote
0
down vote

I use Laravel 5.7
I had the same problem and it was because the csrf token wasn't in the form, so adding

@csrf

fixed the problem

answered Dec 14 at 14:31

Karim Samir

693711

add a comment |

up vote
0
down vote

I use Laravel 5.7
I had the same problem and it was because the csrf token wasn't in the form, so adding

@csrf

fixed the problem

answered Dec 14 at 14:31

Karim Samir

693711

add a comment |

up vote
0
down vote

I use Laravel 5.7
I had the same problem and it was because the csrf token wasn't in the form, so adding

@csrf

fixed the problem

answered Dec 14 at 14:31

Karim Samir

693711

I use Laravel 5.7
I had the same problem and it was because the csrf token wasn't in the form, so adding

@csrf

fixed the problem

answered Dec 14 at 14:31

Karim Samir

693711

answered Dec 14 at 14:31

Karim Samir

693711

answered Dec 14 at 14:31

Karim Samir

693711

answered Dec 14 at 14:31

Karim Samir

693711

add a comment |

up vote
-1
down vote

I have had similar problem and I found a solution to that

if you are echo or print something from controller while return to view this problem will pop up.

so make sure that you are not using echo or print when your controller returns

answered Nov 29 at 5:52

lionshell

This doesn't really add anything to the existing answers.
– Haldo
Dec 15 at 2:32

add a comment |

up vote
-1
down vote

I have had similar problem and I found a solution to that

if you are echo or print something from controller while return to view this problem will pop up.

so make sure that you are not using echo or print when your controller returns

answered Nov 29 at 5:52

lionshell

This doesn't really add anything to the existing answers.
– Haldo
Dec 15 at 2:32

add a comment |

up vote
-1
down vote

I have had similar problem and I found a solution to that

if you are echo or print something from controller while return to view this problem will pop up.

so make sure that you are not using echo or print when your controller returns

answered Nov 29 at 5:52

lionshell

I have had similar problem and I found a solution to that

if you are echo or print something from controller while return to view this problem will pop up.

so make sure that you are not using echo or print when your controller returns

answered Nov 29 at 5:52

lionshell

answered Nov 29 at 5:52

lionshell

answered Nov 29 at 5:52

lionshell

answered Nov 29 at 5:52

lionshell

This doesn't really add anything to the existing answers.
– Haldo
Dec 15 at 2:32

add a comment |

This doesn't really add anything to the existing answers.
– Haldo
Dec 15 at 2:32

This doesn't really add anything to the existing answers.
– Haldo
Dec 15 at 2:32

add a comment |

up vote
-3
down vote

<form method="POST" action="{{ url('foo') }}" >



or 

composer update or composer install



or 

in your Http/Kernel.php comment this line (not recommended)

// AppHttpMiddlewareVerifyCsrfToken::class,

answered Nov 7 at 3:48

Hamelraj

2,1222828

3

CSRF tokens are a security feature. Disabling verification might make the error go away, but it leaves a vulnerability without solving the problem or helping you figure out what caused it
– Travis Britz
Nov 7 at 6:10

add a comment |

up vote
-3
down vote

<form method="POST" action="{{ url('foo') }}" >



or 

composer update or composer install



or 

in your Http/Kernel.php comment this line (not recommended)

// AppHttpMiddlewareVerifyCsrfToken::class,

answered Nov 7 at 3:48

Hamelraj

2,1222828

3

CSRF tokens are a security feature. Disabling verification might make the error go away, but it leaves a vulnerability without solving the problem or helping you figure out what caused it
– Travis Britz
Nov 7 at 6:10

add a comment |

up vote
-3
down vote

<form method="POST" action="{{ url('foo') }}" >



or 

composer update or composer install



or 

in your Http/Kernel.php comment this line (not recommended)

// AppHttpMiddlewareVerifyCsrfToken::class,

answered Nov 7 at 3:48

Hamelraj

2,1222828

<form method="POST" action="{{ url('foo') }}" >



or 

composer update or composer install



or 

in your Http/Kernel.php comment this line (not recommended)

// AppHttpMiddlewareVerifyCsrfToken::class,

answered Nov 7 at 3:48

Hamelraj

2,1222828

answered Nov 7 at 3:48

Hamelraj

2,1222828

answered Nov 7 at 3:48

Hamelraj

2,1222828

answered Nov 7 at 3:48

Hamelraj

2,1222828

3

CSRF tokens are a security feature. Disabling verification might make the error go away, but it leaves a vulnerability without solving the problem or helping you figure out what caused it
– Travis Britz
Nov 7 at 6:10

add a comment |

3

CSRF tokens are a security feature. Disabling verification might make the error go away, but it leaves a vulnerability without solving the problem or helping you figure out what caused it
– Travis Britz
Nov 7 at 6:10

CSRF tokens are a security feature. Disabling verification might make the error go away, but it leaves a vulnerability without solving the problem or helping you figure out what caused it
– Travis Britz
Nov 7 at 6:10

add a comment |

draft saved

draft discarded

Thanks for contributing an answer to Stack Overflow!

Please be sure to answer the question. Provide details and share your research!

But avoid …

Asking for help, clarification, or responding to other answers.

Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

Some of your past answers have not been well-received, and you're in danger of being blocked from answering.

Please pay close attention to the following guidance:

Please be sure to answer the question. Provide details and share your research!

But avoid …

Asking for help, clarification, or responding to other answers.

Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Name

Required, but never shown

Name

Required, but never shown

This page is only for reference, If you need detailed information, please check here

搜尋此網誌

Ndtyjky