[Solved 2022] Laravel 419 page expired after login

by Dillon -

Laravel

Laravel is the most popular PHP framework, dominating the space since 2014, and the chosen framework by many new PHP developers. Many new developers run into the same errors when first using the framework, the most common being a 419 Page Expired error. 

What is CSRF?

Cross-Site Request Forgery is a type of attack which can occur when a malicious website or web application causes a user’s web browser to perform actions on trusted sites where the user is already authenticated. To prevent these attacks, Laravel uses CSRF tokens in forms to make it easy to protect your website. If there is a verification failure of the CSRF token, misconfigured cache, or permissions, Laravel will throw a 419 Page Expired error. 

How to fix 419 Page Expired in Laravel? 

1. CSRF verification failure

Laravel generates a CSRF token for every user session, so ensure you have included the CSRF token field in all your HTML forms. Blade provides some convenient ways of adding the CSRF token field to your forms. 

<form action=“” method=“post”>
@csrf
Or
{{ csrf_field() }}
<!— Your input fields here —>
</form> 

2. Clear your cache

Out of the box, Laravel uses the file cache driver to store serialized cached objects in the file system. Sometimes, the cache can cause session expired errors in the front-end. 

Clear your serve cache using the following command: 

php artisan cache:clear 

Sometimes it may also be required to clear your browser cache.

3. Permissions

Sometimes, incorrect file permissions can also cause errors. Laravel needs read-write permission to the storage directories and cache directories. 

Chmod -R 755 storage 

Chmod -R 755 bootstrap/cache 

Remember: Never set file or folder permissions to 777.

It is also worth ensuring the sessions and cache directories exist in the /storage/framework directory. 

Conclusion

There are a number of reasons for the 419 page expired error to occur in Laravel. Its best practice to ensure you utilize the tools made available in the framework, and the files have the correct permissions.

You can learn more about Laravel and how it uses CSRF tokens from the official documentation.

Dillon Smart

👋 Hey, I'm Dillon!

I’m a Full-Stack developer in the UK, building websites and applications for around 12 years, landing my first full-time job as a developer in 2015.

Feel free to reach out on Twitter!

Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.