Laravel 5 and Internet Explorer: Token Mismatch

My Laravel 5 website uses CSRF tokens to prevent CSRF attacks. In Chrome and Firefox, everything works fine.

I sent the site to my client to check, and when they use Internet Explorer (9/10), they get "Token mismatch" errors on every page using the token.

I assume this is a cookie / session issue.

After some research, I tried to remove the slash in the cookie name ("laravel_session") and change the session driver (default "file"). It did not help.

I know that my client can change their "trust policies" in IE, but this is a public site, and this will only be a temporary solution.

Are there any strange problems?

+6
internet-explorer php csrf laravel-5 csrf-protection
4 answers

I am not sure about your case. But today I faced the same problem. Only IE has a problem. FF and Chrome work fine.

Then I realized that the time/date on the server was incorrect. Set the server to the current date, then everything will work.

I assume this is because the server sets the cookie expiration according to its own time, and IE on the client immediately deletes cookies if the server is behind. Just a thought.

I hope it can solve your case too. Good luck.

+4

I had the same problem, and what fixed it for me was changing my .htaccess expiration options:

    <IfModule mod_expires.c>
        ExpiresActive On
        ExpiresDefault A0
        ExpiresByType text/html A0
        # Set up caching on media files for 1 year
        <FilesMatch "\.(jpg|png|gif|js|css|ico|woff|woff2|eot|svg|ttf)$">
            ExpiresDefault A31536000
        </FilesMatch>
    </IfModule>

Prior to that, my ExpiresDefault was A31536000, and I did not have the ExpiresByType text/html line.

+2

In my case, the problem was server time. I read somewhere that if the server time is older than the client, IE will clear the cookies. Then I noticed that the server time here was 8 hours late. After fixing that, the Token mismatch error disappeared.

+2
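The clock and caching conditions described in the answers above can be checked from the headers of a single response. The Python sketch below is an added example, not code from any of the posters; the function names, the 5-minute skew threshold and the sample headers are constructed, and the sample assumes a 120-minute session cookie lifetime.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime
import re

def http_date(value):
    """Parse an HTTP date; also accepts the dashed 'Tue, 03-Mar-2015 ...' cookie form."""
    return parsedate_to_datetime(value.replace("-", " "))

def audit_response(headers, client_now, cookie_name="laravel_session"):
    """Return (code, detail) findings for one response, judged by the browser's clock."""
    by_name = {}
    for name, value in headers:
        by_name.setdefault(name.lower(), []).append(value)
    findings = []
    # Server clock versus browser clock, taken from the Date header.
    skew = client_now - http_date(by_name["date"][0])
    if abs(skew) > timedelta(minutes=5):
        findings.append(("clock-skew", f"client minus server = {skew}"))
    # A session cookie whose Expires has already passed on the browser's clock is
    # dropped at once, so the next request has no session and no matching token.
    for raw in by_name.get("set-cookie", []):
        first, *attrs = [part.strip() for part in raw.split(";")]
        if first.partition("=")[0] != cookie_name:
            continue
        for attr in attrs:
            key, _, val = attr.partition("=")
            if key.lower() == "expires" and http_date(val) <= client_now:
                findings.append(("cookie-expired-on-arrival", val))
    # Cacheable HTML: a stored copy of a form carries a token from an earlier session.
    ctype = by_name.get("content-type", [""])[0]
    max_age = re.search(r"max-age=(\d+)", ",".join(by_name.get("cache-control", [])))
    if ctype.startswith("text/html") and max_age and int(max_age.group(1)) > 0:
        findings.append(("html-cacheable", f"max-age={max_age.group(1)}"))
    return findings

# Constructed sample: server clock 8 hours behind the client, a 120-minute
# session cookie (assumed lifetime), and a one-year max-age applied to HTML.
CLIENT_NOW = datetime(2015, 3, 3, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    ("Date", "Tue, 03 Mar 2015 04:00:00 GMT"),
    ("Content-Type", "text/html; charset=UTF-8"),
    ("Cache-Control", "max-age=31536000"),
    ("Set-Cookie", "laravel_session=constructed-value; expires=Tue, 03-Mar-2015 06:00:00 GMT; path=/; httponly"),
]

if __name__ == "__main__":
    for code, detail in audit_response(SAMPLE, CLIENT_NOW):
        print(code, detail)
```

Run against a real response, `client_now` should come from a machine whose clock is known to be correct, since the check only measures the difference between the two clocks.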

I ran into the same problem and this was due to a P3P error. I faced the problem on Edge (Windows 10).

I did a lot of research and finally got it working.

All you have to do is create a new middleware and tweak the handle function:

    public function handle($request, Closure $next)
    {
        $response = $next($request);
        $response->header('P3P', 'CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"');
        return $response;
    }

Explained it in detail on

https://robinz.in/csrf-token-session-error-with-laravel-on-ie-edge/

+1