1

After migrating my Laravel project's domain (.in to .institute) and hosting (Namecheap to name.com), everything works fine. When I try to log in or sign up in Chrome, Edge, etc., it returns a "419 PAGE EXPIRED" error. But when I try to log in or sign up in DuckDuckGo etc., it works fine. I tried clearing the cache and config, generate:keys, checked and changed the CSRF token, fixed SSL, and every other solution I have found on the internet. But none of them solved the issue. What else can I do?

#View

@section('title', 'Login')
@include('theme.head')

@include('admin.message')

<!-- end head -->
<!-- body start-->
<body>
<!-- top-nav bar start-->
<section id="nav-bar" class="nav-bar-main-block nav-bar-main-block-one">
    <div class="container-fluid">
        <div class="row">
            <div class="col-lg-4 col-4">
                <div class="nav-bar-btn">
                    <a href="{{ url('/') }}" class="btn btn-secondary" title="Home"><i class="fa fa-chevron-left"></i>{{ __('frontstaticword.Backtohome') }}</a>
                </div>
            </div>
            <div class="col-lg-4 col-4">
                <div class="logo text-center">
                    @php
                        $logo = App\Setting::first();
                    @endphp

                    @if($logo->logo_type == 'L')
                        <a href="{{ url('/') }}" title="logo"><img src="{{ asset('images/logo/'.$logo->logo) }}" class="img-fluid" alt="logo"></a>
                    @else
                        <a href="{{ url('/') }}"><b><div class="logotext">{{ $logo->project_title }}</div></b></a>
                    @endif
                </div>
            </div>
            <div class="col-lg-4 col-4">
                <div class="Login-btn txt-rgt">
                    <a href="{{ route('register') }}" class="btn btn-primary" title="signup">{{ __('frontstaticword.Signup') }}</a>
                </div> 
            </div>
        </div>
    </div>
</section>

<!-- top-nav bar end-->
<!-- Signup start-->
<section id="signup" class="signup-block-main-block">
    <div class="container">
        <div class="col-md-6 offset-md-3">
            <div class="signup-heading">
                {{ __('frontstaticword.LogIntoYour') }} {{ $project_title }} {{ __('frontstaticword.Account') }}!
            </div>

            <div class="signup-block">

                <div class="signin-link btm-10">
                    <div class="row">
                        @if($gsetting->fb_login_enable == 1)
                        <div class="col-lg-6">
                                <a href="{{ url('/auth/facebook') }}" title="facebook" class="btn btn-info btm-10" title="Facebook"><i class="fa fa-facebook"></i>{{ __('frontstaticword.ContinuewithFacebook') }}</a>
                        </div>
                        @endif

                        @if($gsetting->google_login_enable == 1)
                        <div class="col-lg-6">
                            <div class="google">
                                <a href="{{ url('/auth/google') }}" title="google" class="btn btn-white btm-10" title="google"><i class="fab fa-google"></i>{{ __('frontstaticword.ContinuewithGoogle') }}</a>
                            </div>
                        </div>
                        @endif

                        @if($gsetting->amazon_enable == 1)
                        <div class="col-lg-6">
                            <div class="signin-link amazon-button">
                                <a href="{{ url('/auth/amazon') }}" title="amazon" class="btn btn-info btm-10" title="Amazon"><i class="fab fa-amazon"></i>{{ __('frontstaticword.ContinuewithAmazon') }}</a>
                            </div>
                        </div>
                        @endif

                        @if($gsetting->linkedin_enable == 1)
                        <div class="col-lg-6"> 
                            <div class="signin-link linkedin-button">
                                <a href="{{ url('/auth/linkedin') }}" title="linkedin" class="btn btn-info btm-10" title="Linkedin"><i class="fab fa-linkedin"></i>{{ __('frontstaticword.ContinuewithLinkedin') }}</a>
                            </div>
                        </div>
                        @endif

                        @if($gsetting->twitter_enable == 1)
                        <div class="col-lg-6">
                            <div class="signin-link twitter-button">
                                <a href="{{ url('/auth/twitter') }}" title="twitter" class="btn btn-info btm-10" title="Twitter"><i class="fab fa-twitter"></i>{{ __('frontstaticword.ContinuewithTwitter') }}</a>
                            </div>
                        </div>
                        @endif

                        @if($gsetting->gitlab_login_enable == 1)
                        <div class="col-lg-6">
                            <div class="signin-link btm-10">
                                <a href="{{ url('/auth/gitlab') }}" title="gitlab" class="btn btn-white" title="gitlab"><i class="fab fa-gitlab"></i>{{ __('frontstaticword.ContinuewithGitLab') }}</a>
                            </div>
                        </div>
                        @endif
                    </div>
                </div>

                <form method="POST" class="signup-form" action="{{ route('login') }}">
                    @csrf
                 
                    <div class="form-group">
                        <i class="fa fa-envelope" aria-hidden="true"></i>
                        <input id="email" type="email" class="form-control{{ $errors->has('email') ? ' is-invalid' : '' }}" placeholder="Enter Your E-Mail"   name="email" value="{{ old('email') }}" required autofocus>

                        @if ($errors->has('email'))
                            <span class="invalid-feedback" role="alert">
                                <strong>{{ $errors->first('email') }}</strong>
                            </span>
                        @endif
                    </div>

                    <div class="form-group">
                        <i class="fa fa-lock" aria-hidden="true"></i>
                        <input id="password" type="password" class="form-control{{ $errors->has('password') ? ' is-invalid' : '' }}" placeholder="Enter Your Password" name="password" required>

                        @if ($errors->has('password'))
                            <span class="invalid-feedback" role="alert">
                                <strong>{{ $errors->first('password') }}</strong>
                            </span>
                        @endif
                    </div>
                    <div class="form-group">                       
                        <div class="form-check">
                            <input class="form-check-input" type="checkbox" name="remember" id="remember" {{ old('remember') ? 'checked' : '' }}>

                            <label class="form-check-label" for="remember">
                                {{ __('Remember Me') }}
                            </label>
                        </div>
                    </div>

                    <div class="form-group">
                        <button type="submit"  class="btn btn-primary">
                            {{ __('frontstaticword.Login') }}
                        </button>
                        <br>
                        <br>

                        <div class="forgot-password text-center btm-20"><a href="{{ 'password/reset' }}" title="sign-up">{{ __('frontstaticword.ForgotPassword') }}</a>
                        </div>

                    </div>


                    <div class="signin-link text-center btm-20">
                       {{ __('frontstaticword.Bysigningup') }} <a href="{{url('terms_condition')}}" title="Policy">{{ __('frontstaticword.Terms&Condition') }} </a>, <a href="{{url('privacy_policy')}}" title="Policy">{{ __('frontstaticword.PrivacyPolicy') }}.</a>
                    </div>
                    <hr>
                    <div class="sign-up text-center">{{ __('frontstaticword.Donothaveanaccount') }}?<a href="{{ route('register') }}" title="sign-up"> {{ __('frontstaticword.Signup') }}</a>
                    </div>
                            
                </form>
            </div>
        </div>
    </div>

</section>
<!--  Signup end-->
<!-- jquery -->
@include('theme.scripts')
<!-- end jquery -->
</body>
<!-- body end -->
</html> 

#Controller

<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Auth;
use Socialite;
use App\User;
use Illuminate\Support\MessageBag;
use Spatie\Activitylog\Contracts\Activity;
use App\Setting;


class LoginController extends Controller
{
    /*
    |--------------------------------------------------------------------------
    | Login Controller
    |--------------------------------------------------------------------------
    |
    | This controller handles authenticating users for the application and
    | redirecting them to your home screen. The controller uses a trait
    | to conveniently provide its functionality to your applications.
    |
    */

    use AuthenticatesUsers;

    /**
     * Redirect the user after a successful login, based on role and status.
     *
     * @return \Illuminate\Http\RedirectResponse
     */
    public function authenticated()
    {

        $gsetting = Setting::first();

        if( Auth::User()->role == "instructor" || Auth::User()->role == "user")
        {

            if(isset($gsetting->activity_enable))
            {
                if($gsetting->activity_enable == '1')
                {
                    $project = new User();

                    activity()
                       ->useLog('Login')
                       ->performedOn($project)
                       ->causedBy(auth()->user())
                       ->withProperties(['customProperty' => 'Login'])
                       ->log('Logged In')
                       ->subject('Login');

                }
            }

        }

        

        if (Auth::User()->status == 1)
        {
           
            if( Auth::User()->role == "admin") 
            {
                // do your magic here
                return redirect()->route('admin.index');
            }
            elseif( Auth::User()->role == "instructor")
            {

                return redirect()->route('instructor.index');

            }
            else
            {

                return redirect('/home');
      
            }
        }
        else{
            
            Auth::logout();
            return redirect()->route('login')->with('delete','You are deactivated !'); 
        }
    }

    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('guest')->except('logout');
    }

    public function socialLogin($social)
    {
        return Socialite::driver($social)->redirect();
    }

    public function handleProviderCallback($social)
    {
        // Profile returned by the OAuth provider after the redirect back.
        $userSocial = Socialite::driver($social)->user();

        // Match the social profile to a local account by e-mail address.
        $user = User::where(['email' => $userSocial->getEmail()])->first();

        if ($user) {
            // Known account: start a session for it.
            Auth::login($user);
            return redirect()->action('HomeController@index');
        }

        // Unknown e-mail: pre-fill the registration form with the provider's data.
        return view('auth.register', [
            'name'  => $userSocial->getName(),
            'email' => $userSocial->getEmail(),
        ]);
    }
}
imon

5 Answers

3

I found 'same_site' => "none" in the session config file, instead of null. After changing none to null, it works fine.

imon
3

I upgraded from Laravel 7 to 8, and in session.php SESSION_SECURE_COOKIE has the default set to true:

'secure' => env('SESSION_SECURE_COOKIE', true),

Put SESSION_SECURE_COOKIE=false in the .env, because locally you don't have SSL, and then run:

php artisan optimize:clear

(the regular cache clear doesn't do the job)

Hope it helps

Andrii Bodnar
1

This error occurs due to CSRF token verification failure, misconfigured cache, permissions, or improper session settings. This error shows up when a user submits a POST request. You can fix it by doing the following:

  1. CSRF token verification failure: The most common reason for the 419 error is CSRF token failure. Cross-site request forgery is a unique, encrypted value generated by the server. This is included in the HTTP request of the client. Later the server verifies it. If this fails, it leads to a session expired error. So, check the CSRF setting in the Laravel config.

  2. Session expired error due to cache: Sometimes, the cache can also lead to a session expired error in the front end. This can be both the server cache and the browser cache. So, clear the server cache using php artisan cache:clear

  3. Laravel file and folder permissions: Similarly, improper file or folder permissions can also lead to errors. Usually, web servers need write permissions on the Laravel folders storage and vendor. Also, session storage needs write permission. So, give permissions as:

    chmod -R 755 storage

    chmod -R 755 vendor

    chmod -R 644 bootstrap/caches

  4. Laravel session setting: Last but not least, session settings can also cause a 419 error. The app/config/session.php is the session config file. Check for a few important parameters: domain and secure.

'domain' => env('SESSION_DOMAIN', null),
'secure' => env('SESSION_SECURE_COOKIE', false), // in case of cookie

This step-by-step approach fixes the error and makes Laravel work again.

morteza
First solution not working. After implementing the second one, the site is not working, with: "This page isn’t working right now. .institute can't currently handle this request. HTTP ERROR 500" – imon Mar 20 '22 at 11:23
0

If you are using this directive, you should remove it.

I've had this problem before (Laravel 5x) and it was solved after I removed it.

$request->session()->flush();

This directive makes the csrf = empty.

0

If none of the above solutions work, check if you have set these two variables in your local .env

SANCTUM_STATEFUL_DOMAINS=
SESSION_DOMAIN=

In my case, I tried Sanctum for authentication, but ended up switching to a different authentication method. I forgot to remove two variables in my local .env file that I just set for testing purposes.

Even though my localhost 127.0.0.1:8000 was part of SANCTUM_STATEFUL_DOMAINS, I kept getting the "419 Page Expired" error message when trying to log in.

And also, in my case everything worked online (because those variables weren't set there either).

Sascha
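
The answers above point at three session-cookie settings (`same_site`, `secure`, `domain`); each fails the same way: the browser drops or never returns the session cookie, so the POST arrives without the session that holds the form's CSRF token and Laravel answers 419. The Python sketch below is an added example, not code from the question or any answer; it audits a `Set-Cookie` value against the page URL, and the sample headers, cookie value and `example.*` domains are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed samples (label, page URL, Set-Cookie value); domains are placeholders.
SAMPLES = [
    ("same_site none, secure off", "https://example.institute/login",
     "laravel_session=abc123; path=/; httponly; samesite=none"),
    ("secure on, site on plain HTTP", "http://example.test/login",
     "laravel_session=abc123; path=/; secure; httponly; samesite=lax"),
    ("domain left over from old host", "https://example.institute/login",
     "laravel_session=abc123; domain=.example.in; path=/; httponly; samesite=lax"),
    ("consistent settings", "https://example.institute/login",
     "laravel_session=abc123; path=/; secure; httponly; samesite=lax"),
]


def parse_set_cookie(header):
    """Return (cookie name, {lower-cased attribute: value}) for one Set-Cookie value."""
    first, *rest = [part.strip() for part in header.split(";")]
    attrs = {}
    for part in rest:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return first.split("=", 1)[0], attrs


def audit_session_cookie(header, page_url):
    """List the reasons a browser would drop, or never send back, this cookie."""
    _, attrs = parse_set_cookie(header)
    url = urlsplit(page_url)
    host = (url.hostname or "").lower()
    secure = "secure" in attrs
    findings = []
    # Chromium-based browsers reject SameSite=None cookies that lack Secure.
    if attrs.get("samesite", "").lower() == "none" and not secure:
        findings.append("samesite-none-without-secure")
    # A Secure cookie is only returned over HTTPS (localhost exemptions not modelled).
    if secure and url.scheme != "https":
        findings.append("secure-over-http")
    # The Domain attribute must equal the host or be a parent domain of it.
    domain = attrs.get("domain", "").lstrip(".").lower()
    if domain and host != domain and not host.endswith("." + domain):
        findings.append("domain-mismatch")
    return findings


if __name__ == "__main__":
    for label, page_url, header in SAMPLES:
        print(f"{label}: {audit_session_cookie(header, page_url) or 'ok'}")
```

To use it on a real site, copy the `Set-Cookie` line for the session cookie from the browser's network panel for the login page response and pass it with that page's URL.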