After following this tutorial, sessions seem to have stopped working. I am passing csrf tokens through the @csrf tag, but it returns a 419 error every time anyone submits a form (i.e. login form).
What is causing this issue and how can I resolve it?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
2 answers

Hi @jurjenverbruggen,

Are you passing the @csrf in your form or outside of it? It should be like so

<form method="POST" action="/profile">
    @csrf
    ...
</form>

an often mistake is setting it like so

@csrf
<form method="POST" action="/profile">

    ...
</form>

Please use the first method as it’s the correct one. Additionally, you can ceck for the CSRF token as a POST parameter, the VerifyCsrfToken middleware will also check for the X-CSRF-TOKEN request header. You could, for example, store the token in an HTML meta tag:

<meta name="csrf-token" content="{{ csrf_token() }}">

Regards,
KFSys

Hi @KFSys,

Thank you for your time.

  1. The @csrf is inside my form tags already. It works fine in my development environment, but after I have built the application in a container, it stops working.

  2. It is probably because of the fact that I upgraded my application from Laravel 5 to Laravel 8 recently. Before that, it worked just as well in a container as in my dev environment. What do you think might have changed?

  3. The meta tag was already in my headers, so that didn’t solve it.
    When inspecting the browser the meta tag IS filled in, so it does have a CSRF token for the user.

  4. I suspect it has something to do with the session driver: file. Maybe it cannot save data inside the container? When trying session driver: cookie, it doesn’t work either, which again, it did work in Laravel 5.

I look forward to hearing from you.

Submit an Answer