5

I get the error The page has expired due to inactivity. Please refresh and try again. on a Laravel 5.6.39. In Chrome "Network tab" says error login - 419 unknown status

As soon as I refresh the page, I immediately get the error. So I never see the login view anymore, then I'm stuck. Think to common users that have no experience and only try to refresh the page. If it doesn't work they leave your app.

I can reproduce the error following these steps:

  • go to login view
  • enter username and password and don't check "remember me" flag
  • wait that session expires (for test purpose I set SESSION_LIFETIME to 1 minute)
  • hit Login button and I get that error

I already read and tried the most common causes:

  • @csrf is present in the login form (it's the default authentication by Laravel)
  • the folder storage has 755 but tried also with 775 and 777
  • tried to launch php artisan cache:clear php artisan config:clear php artisan route:clear php artisan view:clear php artisan config:cache php artisan key:generate
  • I'm using the default SESSION_DRIVER=file but in production I also tried to replace it with SESSION_DRIVER=cookie with SESSION_DOMAIN=https://app.my-domain.com/

Here you'll find my code (controllers, view, routes, .env, ...): https://gist.github.com/dangelion/aa7fc54ea75f7b2d6062fc79f07e04e8

I really have no more idea to solve this. Some helps? Thanks

Improve this question
2
  • Comments are not for extended discussion; this conversation has been moved to chat. Commented Feb 1, 2019 at 0:16
  • Was a nice solution ever decided upon @Fred K ? Commented Jun 24, 2019 at 2:12

3 Answers 3

Reset to default
1

When we update our application, a browser may still use old files. If you don’t clear your cache, Old files can access problems when you apply.

after add @csrf in form Clear the browser cache and now hope this might work

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

We already have the @csrf but everytime I refresh the page the error persists, so I'm stuck
@FredK Clear the browser cache and reload page and check
It's not a solution. Think to common users that have no experience and only try to refresh the page. If it doesn't work they leave your app. How can solve this situation?
@FredK First of all tell me, you have tried to clear the browser cache? after a clear cache You're still getting an error ?
1

Well, I have faced the same issue, and to what I know so far, this is a session related problem. what worked for me is (after trying so many different solutions) :

SESSION_DRIVER=cookie with SESSION_DOMAIN=null that's all

after I spent almost hours trying to figure out the solution.

N.B: this issue has a variety of solutions depends on your particular case/settings. so my solution here one of them.

Improve this answer

1 Comment

Point deserver. That hit the bull's eye for me too when trying to make it work on GitActions. Would be curious whether it's a requirement for GitActions. If anyone has the experience, please share.
-1

It looks like that you have cache issues. Try following steps in the order I am writing them;

  1. Make sure @csrf is present right after the form tag starts in your form like so:
<form method="POST" action="/profile">
    @csrf

  1. Run following commands:

    • php artisan view:clear
    • php artisan route:clear
    • php artisan cache:clear
    • php artisan config:clear
    • composer dump-autoload

  2. Check the app now in an incognito browser window.

If it works, hurray.

Now you might think that its not valid as you cant ask users of your app to access the app in incognito window. Well, here is how standard web app process works:

  • we usually have three servers
    1. Dev
    2. Staging
    3. Production

and we develope and get all these errors on dev server, only after we resolve all this, we push it to staging server, then we test there. Only after all is resolved on staging, then we push final code to production server.

Hence user using app on production server dont need to do anything.

If you are doing all this on ONE server, you might consider doing it properly to avoid situations like this. makes sense?

I hope it helps.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.