Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Laravel 5 and Internet Explorer : Token Mismatch

My Laravel5 website uses csrf tokens to prevent CSRF attacks. On Chrome and Firefox, eveything works fine.

I submitted the site for my client to test and, when he uses Internet Explorer (9/10), he has "Token mismatch" errors on evey page using the token.

I assume it is a cookie/session issue.

After some research, I tried removing the slash in the cookie name ("laravel_session"), and changing the session driver ("file" by default). It didn't help.

I know my client could change its "trust policies" in IE but it's a public site and this would only be a temporary solution.

Any thoughs on that weird issue?

like image 593
Didier Sampaolo Avatar asked Jun 18 '15 06:06

Didier Sampaolo


People also ask

What causes CSRF token mismatch error in Laravel?

Change CSRF Token Mismatch Error Message In Laravel As per our real-life experience we found that this error occurs due to the following reasons: You might forget to include a hidden CSRF (cross-site request forgery) token field in the form.

What is tokenmismatchexception in Laravel?

TokenMismatchException (Solution) In Laravel 5, by default you have CSRF in every single POST. If you are new to Laravel and you use the usual HTML code to create inputs and forms then you will definitely encounter that error.

How to avoid tokenmismatchexception on logout?

How to avoid TokenMismatchException on logout? If you stay too long on one form or get away from your computer, and then go back to fill it in – you may get a TokenMismatchException, because the CSRF token won’t be the same. It kinda makes sense, but the problem I recently discovered that it does the same for logout (which is also a form).

Why can't I create inputs and forms in Laravel?

If you are new to Laravel and you use the usual HTML code to create inputs and forms then you will definitely encounter that error. Also, if you are coming from Laravel 4, again you might not know how to solve this error since 'Illuminate\Html\HtmlServiceProvider' is not installed by default anymore and HTML inputs and form have to be used.


2 Answers

I am not sure about your case. But I just encountered same issue today. Only IE got problem. FF and chrome works fine.

I then realize that it's the time/date at the server is wrong. Set the server to current date, then everything is working now.

I guess it's because the server will set cookie expiration according to its own time, and at the client, IE will delete the cookies immediately if the server lags behind. Just my guess.

Hope it can solve your case too. Good luck.

like image 102
user534498 Avatar answered Sep 21 '22 10:09

user534498


In my case the problem was the server time. I read somewhere that if the server time is older than the client, IE clear the cookies. Then I notice that the server time here was 8 hours late. After fixing this, the Token Mismatch Error disappear.

like image 24
Rebecca Moraes Avatar answered Sep 20 '22 10:09

Rebecca Moraes