My Laravel5 website uses csrf tokens to prevent CSRF attacks. On Chrome and Firefox, eveything works fine.
I submitted the site for my client to test and, when he uses Internet Explorer (9/10), he has "Token mismatch" errors on evey page using the token.
I assume it is a cookie/session issue.
After some research, I tried removing the slash in the cookie name ("laravel_session"), and changing the session driver ("file" by default). It didn't help.
I know my client could change its "trust policies" in IE but it's a public site and this would only be a temporary solution.
Any thoughs on that weird issue?
Change CSRF Token Mismatch Error Message In Laravel As per our real-life experience we found that this error occurs due to the following reasons: You might forget to include a hidden CSRF (cross-site request forgery) token field in the form.
TokenMismatchException (Solution) In Laravel 5, by default you have CSRF in every single POST. If you are new to Laravel and you use the usual HTML code to create inputs and forms then you will definitely encounter that error.
How to avoid TokenMismatchException on logout? If you stay too long on one form or get away from your computer, and then go back to fill it in – you may get a TokenMismatchException, because the CSRF token won’t be the same. It kinda makes sense, but the problem I recently discovered that it does the same for logout (which is also a form).
If you are new to Laravel and you use the usual HTML code to create inputs and forms then you will definitely encounter that error. Also, if you are coming from Laravel 4, again you might not know how to solve this error since 'Illuminate\Html\HtmlServiceProvider' is not installed by default anymore and HTML inputs and form have to be used.
I am not sure about your case. But I just encountered same issue today. Only IE got problem. FF and chrome works fine.
I then realize that it's the time/date at the server is wrong. Set the server to current date, then everything is working now.
I guess it's because the server will set cookie expiration according to its own time, and at the client, IE will delete the cookies immediately if the server lags behind. Just my guess.
Hope it can solve your case too. Good luck.
In my case the problem was the server time. I read somewhere that if the server time is older than the client, IE clear the cookies. Then I notice that the server time here was 8 hours late. After fixing this, the Token Mismatch Error disappear.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With