skip to Main Content

Hello !

Problem :


If i’m pushing the form for register an user, i got an 419 Page Expired

I search here for my problem :

-1. Stackoverflow Expired due inactivity : without success for my problem

-2. Laracast Session expired : without success for my problem

-3. Laracast 419 error when submitting form on prod server : without success for my problem

i think is a csrf token bug or miss configure file

My configuration files:

my .env:

APP_NAME=Laravel
APP_ENV=local
APP_KEY=base64:7/Xz39xIIlpTf0mfMGD3l69NqHMbykHLFKglaAps4Rk=
APP_DEBUG=true
APP_URL=http://localhost <- here i have try with my address and my ip. 
LOG_CHANNEL=stack
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE= <- some parameter here
DB_USERNAME= <- some parameter here
DB_PASSWORD= <- some parameter here
BROADCAST_DRIVER=log
CACHE_DRIVER=file
QUEUE_CONNECTION=sync
SESSION_DRIVER=file
SESSION_LIFETIME=120
REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379

my config/session.php

<?php

use IlluminateSupportStr;

return [

/*
|--------------------------------------------------------------------------
| Default Session Driver
|--------------------------------------------------------------------------
|
| This option controls the default session "driver" that will be used on
| requests. By default, we will use the lightweight native driver but
| you may specify any of the other wonderful drivers provided here.
|
| Supported: "file", "cookie", "database", "apc",
|            "memcached", "redis", "dynamodb", "array"
|
*/

'driver' => env('SESSION_DRIVER', 'file'),

/*
|--------------------------------------------------------------------------
| Session Lifetime
|--------------------------------------------------------------------------
|
| Here you may specify the number of minutes that you wish the session
| to be allowed to remain idle before it expires. If you want them
| to immediately expire on the browser closing, set that option.
|
*/

'lifetime' => env('SESSION_LIFETIME', 120),

'expire_on_close' => false,

/*
|--------------------------------------------------------------------------
| Session Encryption
|--------------------------------------------------------------------------
|
| This option allows you to easily specify that all of your session data
| should be encrypted before it is stored. All encryption will be run
| automatically by Laravel and you can use the Session like normal.
|
*/

'encrypt' => true,

/*
|--------------------------------------------------------------------------
| Session File Location
|--------------------------------------------------------------------------
|
| When using the native session driver, we need a location where session
| files may be stored. A default has been set for you but a different
| location may be specified. This is only needed for file sessions.
|
*/

'files' => storage_path('framework/sessions'),

/*
|--------------------------------------------------------------------------
| Session Database Connection
|--------------------------------------------------------------------------
|
| When using the "database" or "redis" session drivers, you may specify a
| connection that should be used to manage these sessions. This should
| correspond to a connection in your database configuration options.
|
*/

'connection' => env('SESSION_CONNECTION', null),

/*
|--------------------------------------------------------------------------
| Session Database Table
|--------------------------------------------------------------------------
|
| When using the "database" session driver, you may specify the table we
| should use to manage the sessions. Of course, a sensible default is
| provided for you; however, you are free to change this as needed.
|
*/

'table' => 'sessions',

/*
|--------------------------------------------------------------------------
| Session Cache Store
|--------------------------------------------------------------------------
|
| When using the "apc", "memcached", or "dynamodb" session drivers you may
| list a cache store that should be used for these sessions. This value
| must match with one of the application's configured cache "stores".
|
*/

'store' => env('SESSION_STORE', null),

/*
|--------------------------------------------------------------------------
| Session Sweeping Lottery
|--------------------------------------------------------------------------
|
| Some session drivers must manually sweep their storage location to get
| rid of old sessions from storage. Here are the chances that it will
| happen on a given request. By default, the odds are 2 out of 100.
|
*/

'lottery' => [2, 100],

/*
|--------------------------------------------------------------------------
| Session Cookie Name
|--------------------------------------------------------------------------
|
| Here you may change the name of the cookie used to identify a session
| instance by ID. The name specified here will get used every time a
| new session cookie is created by the framework for every driver.
|
*/

'cookie' => env(
    'SESSION_COOKIE',
    Str::slug(env('APP_NAME', 'laravel'), '_').'_session'
),

/*
|--------------------------------------------------------------------------
| Session Cookie Path
|--------------------------------------------------------------------------
|
| The session cookie path determines the path for which the cookie will
| be regarded as available. Typically, this will be the root path of
| your application but you are free to change this when necessary.
|
*/

'path' => '/',

/*
|--------------------------------------------------------------------------
| Session Cookie Domain
|--------------------------------------------------------------------------
|
| Here you may change the domain of the cookie used to identify a session
| in your application. This will determine which domains the cookie is
| available to in your application. A sensible default has been set.
|
*/

'domain' => env('SESSION_DOMAIN', null),

/*
|--------------------------------------------------------------------------
| HTTPS Only Cookies
|--------------------------------------------------------------------------
|
| By setting this option to true, session cookies will only be sent back
| to the server if the browser has a HTTPS connection. This will keep
| the cookie from being sent to you if it can not be done securely.
|
*/

'secure' => env('SESSION_SECURE_COOKIE'),

/*
|--------------------------------------------------------------------------
| HTTP Access Only
|--------------------------------------------------------------------------
|
| Setting this value to true will prevent JavaScript from accessing the
| value of the cookie and the cookie will only be accessible through
| the HTTP protocol. You are free to modify this option if needed.
|
*/

'http_only' => true,

/*
|--------------------------------------------------------------------------
| Same-Site Cookies
|--------------------------------------------------------------------------
|
| This option determines how your cookies behave when cross-site requests
| take place, and can be used to mitigate CSRF attacks. By default, we
| will set this value to "lax" since this is a secure default value.
|
| Supported: "lax", "strict", "none", null
|
*/

'same_site' => 'lax',];

my resource/view/register.blade.php

I have added the csrf token in the meta tag to try if that can resolve my problem but no nothing.

–head–

<head>
<title>Register</title>
<meta charset="UTF-8">
<meta name="csrf-token" content="{{ csrf_token() }}">
<meta name="viewport" content="width=device-width, initial-scale=1">
</head>

–starting content of y register .blade.php

 <div class="limiter">
    <div class="container-login100 ">
        <div class="wrap-login100">
            <div class="login100-pic js-tilt" data-tilt>
                <img src="{{ asset('assets/images/mask.jpg') }}" alt="IMG">
            </div>
             @if (session()->has('message'))
                <p class="alert alert-info">
                    {{ session()->get('message') }}
                </p>
            @endif
            <form class="login100-form validate-form" action="{{ route('register') }}" 
                  method="POST">
               {{ csrf_field() }}
            <!-- some fields here -->

I have try many configuration but everything let me on the ass 🙂

If someone had the same problem and knew how to fix it, I would be happy to receive your response and try the fix.

Answer if you need more configuration file or another.

Thank you !

2

Answers


  1. There are a few things you can try to fix this.
    Typically this error occurs when you are missing your csrf token within your form, but it looks like you’ve already got that there. Here are a few things you can try

    *Try clearing your cache and config via

    php artisan config:cache

    php artisan cache:clear

    If you’ve been messing around with config files, this will clear the cache and apply your changes.

    *Try to generate a new app key, which will flush the session data.

    php artisan key:generate
    

    *It looks like you are using the file session driver, which means sessions are stored in storage/framework/sessions, you might have permission issues with the /storage directory.

    *Try adding SESSION_DOMAIN=mydomain.com to your .env file, then clear your cache.

    *Try hard refreshing your browser with CTRL + F5

    Login or Signup to reply.
  2. I came across the strange thing that helped me solved the 419 problem in Laravel while login form submission.

    I was working on the laravel on localhost (under XAMPP). The problem appeared suddenly without making any changes to the source code. And it helped me to solve the problem. The only thing I’ve done was the installation of another project under XAMPP that required changes in php.ini file – exactly mbstring.func_overload = 2. After removing this from config 419 error disappeared.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search