The Session Expired or 419 Page Expired error message in Laravel comes up because somewhere your csrf token verification fails which means the App\Http\Middleware\VerifyCsrfToken::class middleware is already turned on. In the form the @csrf blade directive is already added, which should be fine as well.
If you've set the limit too low, or you're working on someone else's machine, a page may expire because the browser can't retain the information.
If you're coming to this answer directly from a search, make sure you have already added the csrf token to your form with {{ csrf_field() }}
like the OP.
If you have your session driver set to file:
May have something to do with the storage_path not being writable. This is where it stores session data regarding tokens if you're using file based sessions. The can be verified with is_writable(config('session.files'))
For the OP, the session driver was set to array. Array is for testing only. Since data is not persisted, it will not be able to compare the token on the next request.
The array driver is used during testing and prevents the data stored in the session from being persisted.
https://laravel.com/docs/5.5/session#configuration
Check config/session.php
Lastly, an issue I just had, we had a project which has the session domain and secure settings in config/session.php but the development site was not using HTTPS (SSL/TLS). This caused this generic error since sessions.secure was set to true by default.
I ran into the same issue in Laravel 5.5. In my case, it happened after changing a route from GET to POST. The issue was because I forgot to pass a CSRF token when I switched to POST.
You can either post a CSRF token in your form by calling:
{{ csrf_field() }}
Or exclude your route in app/Http/Middleware/VerifyCsrfToken.php
protected $except = [
'your/route'
];
Try all of them.
composer dump-autoload
php artisan optimize
php artisan cache:clear
php artisan config:clear
php artisan route:clear
php artisan view:clear
This caused because of Illuminate\Session\TokenMismatchException
look at this code sample how to handle it properly:
https://gist.github.com/jrmadsen67/bd0f9ad0ef1ed6bb594e
My case was solved with SESSION_DOMAIN
, in my local machine had to be set to xxx.localhost
. It was causing conflicts with the production SESSION_DOMAIN
, xxx.com
that was set directly in the session.php config file.
Some information is stored in the cookie which is related to previous versions of laravel in development. So it's conflicting with csrf generated tokens which are generated by another's versions. Just Clear the cookie and give a try.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With