After migrating my Laravel project's domain (.in to .institute) and hosting (Namecheap to name.com), everything works fine. But when I try to log in or sign up in Chrome, Edge, etc., it returns a "419 PAGE EXPIRED" error, while logging in or signing up in the DuckDuckGo browser works fine. I tried clearing the cache and config, generate:keys, checking and changing the CSRF token, fixing SSL, and every other solution I found on the internet, but none of them solved the issue. What else can I do?
#View
@section('title', 'Login')
@include('theme.head')
@include('admin.message')
<!-- end head -->
<!-- body start-->
<body>
<!-- top-nav bar start-->
<section id="nav-bar" class="nav-bar-main-block nav-bar-main-block-one">
<div class="container-fluid">
<div class="row">
<div class="col-lg-4 col-4">
<div class="nav-bar-btn">
<a href="{{ url('/') }}" class="btn btn-secondary" title="Home"><i class="fa fa-chevron-left"></i>{{ __('frontstaticword.Backtohome') }}</a>
</div>
</div>
<div class="col-lg-4 col-4">
<div class="logo text-center">
@php
$logo = \App\Setting::first();
@endphp
@if($logo->logo_type == 'L')
<a href="{{ url('/') }}" title="logo"><img src="{{ asset('images/logo/'.$logo->logo) }}" class="img-fluid" alt="logo"></a>
@else
<a href="{{ url('/') }}"><b><div class="logotext">{{ $logo->project_title }}</div></b></a>
@endif
</div>
</div>
<div class="col-lg-4 col-4">
<div class="Login-btn txt-rgt">
<a href="{{ route('register') }}" class="btn btn-primary" title="signup">{{ __('frontstaticword.Signup') }}</a>
</div>
</div>
</div>
</div>
</section>
<!-- top-nav bar end-->
<!-- Signup start-->
<section id="signup" class="signup-block-main-block">
<div class="container">
<div class="col-md-6 offset-md-3">
<div class="signup-heading">
{{ __('frontstaticword.LogIntoYour') }} {{ $project_title }} {{ __('frontstaticword.Account') }}!
</div>
<div class="signup-block">
<div class="signin-link btm-10">
<div class="row">
@if($gsetting->fb_login_enable == 1)
<div class="col-lg-6">
<a href="{{ url('/auth/facebook') }}" class="btn btn-info btm-10" title="Facebook"><i class="fa fa-facebook"></i>{{ __('frontstaticword.ContinuewithFacebook') }}</a>
</div>
@endif
@if($gsetting->google_login_enable == 1)
<div class="col-lg-6">
<div class="google">
<a href="{{ url('/auth/google') }}" class="btn btn-white btm-10" title="Google"><i class="fab fa-google"></i>{{ __('frontstaticword.ContinuewithGoogle') }}</a>
</div>
</div>
@endif
@if($gsetting->amazon_enable == 1)
<div class="col-lg-6">
<div class="signin-link amazon-button">
<a href="{{ url('/auth/amazon') }}" class="btn btn-info btm-10" title="Amazon"><i class="fab fa-amazon"></i>{{ __('frontstaticword.ContinuewithAmazon') }}</a>
</div>
</div>
@endif
@if($gsetting->linkedin_enable == 1)
<div class="col-lg-6">
<div class="signin-link linkedin-button">
<a href="{{ url('/auth/linkedin') }}" class="btn btn-info btm-10" title="Linkedin"><i class="fab fa-linkedin"></i>{{ __('frontstaticword.ContinuewithLinkedin') }}</a>
</div>
</div>
@endif
@if($gsetting->twitter_enable == 1)
<div class="col-lg-6">
<div class="signin-link twitter-button">
<a href="{{ url('/auth/twitter') }}" class="btn btn-info btm-10" title="Twitter"><i class="fab fa-twitter"></i>{{ __('frontstaticword.ContinuewithTwitter') }}</a>
</div>
</div>
@endif
@if($gsetting->gitlab_login_enable == 1)
<div class="col-lg-6">
<div class="signin-link btm-10">
<a href="{{ url('/auth/gitlab') }}" class="btn btn-white" title="GitLab"><i class="fab fa-gitlab"></i>{{ __('frontstaticword.ContinuewithGitLab') }}</a>
</div>
</div>
@endif
</div>
<form method="POST" class="signup-form" action="{{ route('login') }}">
@csrf
<div class="form-group">
<i class="fa fa-envelope" aria-hidden="true"></i>
<input id="email" type="email" class="form-control{{ $errors->has('email') ? ' is-invalid' : '' }}" placeholder="Enter Your E-Mail" name="email" value="{{ old('email') }}" required autofocus>
@if ($errors->has('email'))
<span class="invalid-feedback" role="alert">
<strong>{{ $errors->first('email') }}</strong>
</span>
@endif
</div>
<div class="form-group">
<i class="fa fa-lock" aria-hidden="true"></i>
<input id="password" type="password" class="form-control{{ $errors->has('password') ? ' is-invalid' : '' }}" placeholder="Enter Your Password" name="password" required>
@if ($errors->has('password'))
<span class="invalid-feedback" role="alert">
<strong>{{ $errors->first('password') }}</strong>
</span>
@endif
</div>
<div class="form-group">
<div class="form-check">
<input class="form-check-input" type="checkbox" name="remember" id="remember" {{ old('remember') ? 'checked' : '' }}>
<label class="form-check-label" for="remember">
{{ __('Remember Me') }}
</label>
</div>
</div>
<div class="form-group">
<button type="submit" class="btn btn-primary">
{{ __('frontstaticword.Login') }}
</button>
<br>
<br>
<div class="forgot-password text-center btm-20"><a href="{{ url('password/reset') }}" title="forgot-password">{{ __('frontstaticword.ForgotPassword') }}</a>
</div>
</div>
<div class="signin-link text-center btm-20">
{{ __('frontstaticword.Bysigningup') }} <a href="{{url('terms_condition')}}" title="Policy">{{ __('frontstaticword.Terms&Condition') }} </a>, <a href="{{url('privacy_policy')}}" title="Policy">{{ __('frontstaticword.PrivacyPolicy') }}.</a>
</div>
<hr>
<div class="sign-up text-center">{{ __('frontstaticword.Donothaveanaccount') }}?<a href="{{ route('register') }}" title="sign-up"> {{ __('frontstaticword.Signup') }}</a>
</div>
</form>
</div>
</div>
</div>
</section>
<!-- Signup end-->
<!-- jquery -->
@include('theme.scripts')
<!-- end jquery -->
</body>
<!-- body end -->
</html>
#Controller
<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use App\Setting;
use App\User;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Laravel\Socialite\Facades\Socialite;

class LoginController extends Controller
{
    /*
    |--------------------------------------------------------------------------
    | Login Controller
    |--------------------------------------------------------------------------
    |
    | This controller handles authenticating users for the application and
    | redirecting them to your home screen. The controller uses a trait
    | to conveniently provide its functionality to your applications.
    |
    */

    use AuthenticatesUsers;

    /**
     * Hook called by AuthenticatesUsers after the credentials were verified.
     * Records the login in the activity log (when enabled), rejects
     * deactivated accounts, and redirects by role.
     *
     * @return \Illuminate\Http\RedirectResponse
     */
    protected function authenticated(Request $request, $user)
    {
        $gsetting = Setting::first();

        if ($user->role == "instructor" || $user->role == "user") {
            if (isset($gsetting->activity_enable) && $gsetting->activity_enable == '1') {
                // Log against the user who just signed in rather than an empty User model.
                activity()
                    ->useLog('Login')
                    ->performedOn($user)
                    ->causedBy($user)
                    ->withProperties(['customProperty' => 'Login'])
                    ->log('Logged In');
            }
        }

        if ($user->status != 1) {
            // Deactivated account: the trait already logged it in, so log it out again.
            Auth::logout();
            return redirect()->route('login')->with('delete', 'You are deactivated !');
        }

        if ($user->role == "admin") {
            return redirect()->route('admin.index');
        } elseif ($user->role == "instructor") {
            return redirect()->route('instructor.index');
        }

        return redirect('/home');
    }

    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('guest')->except('logout');
    }

    public function socialLogin($social)
    {
        return Socialite::driver($social)->redirect();
    }

    public function handleProviderCallback($social)
    {
        $userSocial = Socialite::driver($social)->user();
        $user = User::where(['email' => $userSocial->getEmail()])->first();

        // The e-mail/password Auth::attempt() path belongs to the trait's login(),
        // not to the social callback; here we only match on the provider's e-mail.
        if ($user) {
            // Apply the same status rule as the password login path.
            if ($user->status != 1) {
                return redirect()->route('login')->with('delete', 'You are deactivated !');
            }
            Auth::login($user);
            return redirect()->action('HomeController@index');
        }

        // No local account for that e-mail yet: pre-fill the registration form.
        return view('auth.register', [
            'name'  => $userSocial->getName(),
            'email' => $userSocial->getEmail(),
        ]);
    }
}
4 Answers
I found 'same_site' => "none" in the config session file, instead of null. After changing none to null, it works fine.
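The fix above works because Chrome and Edge discard a cookie marked SameSite=None unless it is also marked Secure, so the session (and with it the CSRF token) never survives the POST. The following is an added example, not code from the question or any answer: a small PHP check that takes the relevant config/session.php keys plus the scheme and host the login page is served on (all assumed inputs) and reports which browser rule would drop the session cookie.

```php
<?php
// Added example, not from the question or any answer: audit the cookie
// attributes Laravel derives from config/session.php against the browser
// rules that silently discard a session cookie and so produce a 419.
// Assumed inputs: the session config keys and the scheme/host actually served.

function auditSessionCookieConfig(array $session, string $scheme, string $host): array
{
    $problems = [];
    $sameSite = strtolower((string) ($session['same_site'] ?? ''));
    $secure   = (bool) ($session['secure'] ?? false);
    $domain   = (string) ($session['domain'] ?? '');

    // Chromium-based browsers (Chrome, Edge) reject SameSite=None unless the
    // cookie is also Secure; more lenient browsers still accept it, which
    // matches "419 in Chrome, fine elsewhere".
    if ($sameSite === 'none' && !$secure) {
        $problems[] = 'same_site=none without secure=true: cookie rejected';
    }

    // A Secure cookie is never stored when the page is served over plain http,
    // e.g. local development without TLS while SESSION_SECURE_COOKIE=true.
    if ($secure && $scheme !== 'https') {
        $problems[] = "secure=true but served over {$scheme}: cookie never stored";
    }

    // After a domain migration a stale explicit domain no longer matches the
    // request host, so the browser refuses the cookie outright.
    if ($domain !== '') {
        $d = ltrim(strtolower($domain), '.');
        $h = strtolower($host);
        if ($h !== $d && substr($h, -strlen('.' . $d)) !== '.' . $d) {
            $problems[] = "domain={$domain} does not match host {$host}: cookie rejected";
        }
    }

    return $problems;
}

// Constructed inputs: the setting the accepted answer found, then a fixed one.
$before = ['same_site' => 'none', 'secure' => false, 'domain' => null];
$after  = ['same_site' => 'lax',  'secure' => true,  'domain' => null];

print_r(auditSessionCookieConfig($before, 'https', 'example.institute'));
print_r(auditSessionCookieConfig($after, 'https', 'example.institute'));
```

Run it with `php audit.php` after `php artisan config:clear` so the values you audit are the ones actually in effect, not a cached copy.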
This error occurs due to CSRF token verification failure, a misconfigured cache, permissions, or improper session settings. It shows up when a user submits a POST request. You can fix it by doing the following:

CSRF token verification failure: The most common reason for the 419 error is CSRF token failure. Cross-site request forgery is a unique, encrypted value generated by the server. This is included in the HTTP request of the client. Later the server verifies it. If this fails, it leads to a session expired error. So, check the CSRF setting in the Laravel config.

Session expired error due to cache: Sometimes, the cache can also lead to a session expired error in the front-end. This can be both the server cache and the browser cache. So, clear the server cache using
php artisan cache:clear

Laravel file and folder permissions: Similarly, improper file or folder permissions can also lead to errors. Usually, web servers need write permissions on the Laravel folders storage and vendor. Also, session storage needs write permission. So, give permissions as,
chmod -R 755 storage
chmod -R 755 vendor
chmod -R 644 bootstrap/caches

Laravel session setting: Last but not least, session settings can also cause a 419 error. The app/config/session.php is the session config file. Check for a few important parameters – domain and secure.

This step-by-step approach fixes the error and makes Laravel work again.
I upgraded from Laravel 7 to 8, and in session.php SESSION_SECURE_COOKIE now defaults to true. Put
SESSION_SECURE_COOKIE=false
in the .env, because local doesn't have SSL, and then run: (the regular cache clear doesn't do the job)
Hope it helps
If you are using this directive, you should remove it. I've had this problem before (Laravel 5.x) and it was solved after I removed it.
$request->session()->flush();
This directive makes the CSRF token empty.