Token Mismatch Exception on Login (Laravel)

laravel

11,356

Solution 1

Laravel makes a quite esoteric use of sessions, and when the user cookie and the user salt in stored in the database disalign for some reason (for example, when you re-seed your user table), you get a Token Mismatch Exception without further explanation.

If that's the case, just delete your cookies.

Solution 2

I had this problem on login also. From time to time this exception occurred so I stop and tried to reproduce it. I succeed by doing this:

First I load the login page.

Then I deleted the cookies.

Then, without reloading the login page, I entered username and password and tried to login.

Because session was deleted (when I deleted the cookies), it was normal that this code was not going to pass and it will throw the TokenMismatchException.

Route::filter('csrf', function() {
    if ( Session::getToken() != Input::get('_token')) {
        throw new Illuminate\Session\TokenMismatchException;
    }
});

So, what I've done to solve my problem was to add a redirect to login page with a message to inform the user that the session might expired.

Route::filter('csrf', function() {
    if ( Session::getToken() != Input::get('_token')) {
        return Redirect::to('/admin/login')->with('warning', 'Your session has expired. Please try logging in again.');
    }
});

Thus, after page reloading, a new session is created and the problem is solved.

Solution 3

Check your route:list to see if Login is protected by web middleware. In my case, I made mistake by adding web middileware to login route where it should be guest middleware.

Solution 4

/config/session.php set that info 'expire_on_close' => true, save and load again ur site you wont get anymore the issue with Token Mismatch Exception on Login

View more solutions

11,356

Sainath Krishnan

Updated on September 15, 2022

Comments

Sainath Krishnan over 1 year

I followed this tutorial on creating a registration and login page using Laravel.

Everything works smoothly, the only issue is that I am unable to Login. If I provide the wrong username/password, it correctly gives me an error message. But if I use the right credentials, I get the following error -

Illuminate \ Session \ TokenMismatchException

This is my (default) csrf function -

Route::filter('csrf', function()
{
    if (Session::token() != Input::get('_token'))
    {
        throw new Illuminate\Session\TokenMismatchException;
    }
});

This is the form action -

{{ Form::open(array('url'=>'signin', 'class'=>'form-signin')) }}

And this is the relevant portion of my UsersController

public function __construct() {
$this->beforeFilter('csrf', array('on'=>'post'));
$this->beforeFilter('auth', array('only'=>array('getDashboard')));

}
public function postSignin() {
       if (Auth::attempt(array('email'=>Input::get('email'), 'password'=>Input::get('password')))) {
            return Redirect::to('dashboard')->with('message', 'You are now logged in!');
        } else {
            return Redirect::to('login')
            ->with('message', 'Your username/password combination was incorrect')
            ->withInput();
    }  
}

public function getDashboard() {
    $this->layout->content = View::make('users.dashboard');
}