laravel 5.5 The page has expired due to inactivity. Please refresh and try again
I'm new with Laravel and I have a problem which I don't understand.
I have a log form in my project and my method is POST. When I try a request the result is: 'The page has expired due to inactivity. Please refresh and try again.', but if I change the method to GET, it works fine. Can someone tell me why that is and how to fix it, because of course I need the POST method.
19 Answers
19
This problem comes from the CSRF token verification which fails. So either you're not posting one or you're posting an incorrect one.
The reason it works for GET is that for a GET route in Laravel, there is no CSRF token posted.
You can either post a CSRF token in your form by calling:
{{ csrf_field() }}
Or exclude your route in app/Http/Middleware/VerifyCsrfToken.php:
protected $except = [
'your/route'
];
For anyone else viewing this, you can also put a meta tag in your site header which will be used with most requests.
– GoogleMac
Apr 28 at 5:36
@Erik I'm not really sure if the 2nd approach is fine. If we exclude a route in VerifyCsrfToken.php the route will be vulnerable to CSRF attack, I think
– Hiroki
Jun 7 at 5:36
The second approach WOULD pose a security risk, this is true. However, there are use cases where you might not want to do CSRF verification. Such as AJAX calls.
– Erik Baars
Jun 20 at 12:57
@ErikBaars You still want to use CSRF if you're doing AJAX requests from an SPA to your backend. I do this with Laravel by getting the CSRF token on the initial request for the SPA and then maintaining an updated token by getting it from response headers using an HTTP interceptor.
– Colin Laws
yesterday
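To see why the POST is rejected while the GET succeeds, and what listing a route in $except gives up, here is a simplified model of the check the answer above describes. It is an added example, not Laravel's own middleware code and not part of the original thread; the function name csrfCheckPasses and the sample requests are constructed for illustration.

```php
<?php
// Simplified model of a CSRF check in the style of Laravel's VerifyCsrfToken
// middleware. Added example, not Laravel's source; csrfCheckPasses is hypothetical.

/** Return true when the request may proceed, false when it must be rejected. */
function csrfCheckPasses(string $method, string $path, array $input,
                         array $headers, string $sessionToken, array $except): bool
{
    // Read-only verbs are never checked, which is why the GET form "works".
    if (in_array(strtoupper($method), ['GET', 'HEAD', 'OPTIONS'], true)) {
        return true;
    }
    // Routes listed in $except skip the check entirely: no CSRF protection there.
    foreach ($except as $pattern) {
        if (fnmatch($pattern, ltrim($path, '/'))) {
            return true;
        }
    }
    // Token comes from the hidden _token field, or the X-CSRF-TOKEN header for AJAX.
    $sent = $input['_token'] ?? $headers['X-CSRF-TOKEN'] ?? '';
    // Constant-time comparison against the token stored in the session.
    return is_string($sent) && $sent !== '' && hash_equals($sessionToken, $sent);
}

// Constructed sample data: one session token and the $except list from the answer.
$session = bin2hex(random_bytes(20));
$except  = ['your/route'];

$cases = [
    'GET, no token'           => ['GET',  '/login', [], []],
    'POST, no token'          => ['POST', '/login', [], []],
    'POST, stale token'       => ['POST', '/login', ['_token' => 'old-session-token'], []],
    'POST, _token field'      => ['POST', '/login', ['_token' => $session], []],
    'AJAX POST, header token' => ['POST', '/login', [], ['X-CSRF-TOKEN' => $session]],
    'POST to excluded route'  => ['POST', '/your/route', [], []],
];

foreach ($cases as $label => [$method, $path, $input, $headers]) {
    $ok = csrfCheckPasses($method, $path, $input, $headers, $session, $except);
    printf("%-24s %s\n", $label, $ok ? 'accepted' : 'rejected (page expired)');
}
```

The last case is accepted without any token, which is the exposure raised in the comments about the $except approach; the stale-token case covers a session that was lost or regenerated between rendering the form and submitting it.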
In my case, I got the same error message and then figured out that I had forgotten to add csrf_token for the form field. Then add the csrf_token.
Using form helper that will be,
{{ csrf_field() }}
Or without form helper that will be,
<input type="hidden" name="_token" value="{{ csrf_token() }}">
If that doesn't work, then refresh the browser cache and now it might work, thanks.
Update For Laravel 5.6
Laravel integrates the new @csrf instead of {{ csrf_field() }}. That looks nicer now.
<form action="">
@csrf
...
</form>
Anytime you define an HTML form in your application, you should include a hidden CSRF token field in the form so that the CSRF protection middleware can validate the request. You may use the csrf_field helper to generate the token field:
<form method="POST" action="/profile">
{{ csrf_field() }}
...
</form>
If it doesn't work, then refresh the browser cache and now it might work.
For more details, open the link: CSRF Protection
UPDATE:
With Laravel 5.6 using Blade templates, it's pretty easy.
<form method="POST" action="/profile">
@csrf
...
</form>
For more details, open the link: CSRF Protection in Laravel 5.6
This is not the perfect solution. Because in case of User, how they will know that they have to delete the cache.
– Naisarg Parmar
Mar 14 at 6:41
When we update our application, a browser may still use old files. If you don’t clear your cache, old files can access problems when you apply. For more details read this: laravel.com/docs/5.5/csrf
– Udhav Sarvaiya
May 17 at 9:13
I had the same problem. Use 'clear browsing data' in Chrome. Maybe it will solve your problem.
This is not the perfect solution. Because in case of User, how they will know that they have to delete the cache.
– Naisarg Parmar
Mar 14 at 6:39
Exactly, it is not the best solution.
– Sayed Mohammad Amin Emrani
Mar 18 at 11:13
It worked for me. After a lot of searching, this answer finally solved my issue.
– Babak
May 22 at 13:45
Verify that your config/session.php file contains this line
'domain' => env('SESSION_DOMAIN', null),
Then remove the SESSION_DOMAIN line in your .env file
This happens because you are using the default CSRF middleware from Laravel's installation. To solve it, remove this line from your Kernel.php:
\App\Http\Middleware\VerifyCsrfToken::class,
This is fine if you are building an API. However, if you are building a website this is a security verification, so be aware of its risks.
Just place this code inside the form
<input type = "hidden" name = "_token" value = "<?php echo csrf_token() ?>" />
Which code? You have not shared code
– Apurva Kolapkar
Dec 21 '17 at 7:12
<form method="POST" action=" "> <input type = "hidden" name = "_token" value = "<?php echo csrf_token() ?>" /> /* create your form*/ </form>
– Manu Joseph
Jan 9 at 10:28
I was facing the same error so I just removed this line from my .env file
SESSION_DRIVER=yourwebsite.com
If your config is set to SESSION_DRIVER=file, you have to check if your session directory is writable. Check storage/framework/session
Place {{csrf_field()}} into your form tag
In my case the same problem was caused because I forgot to add > at the end of my hidden input field, like so:
<input type="hidden" name="_token" value="{{ Session::token() }}"
So, I fixed it by adding it:
<input type="hidden" name="_token" value="{{ Session::token() }}">
It's funny but it works for me. I realised this is caused by the default HTML tag in Laravel code.
Use /* */ or {{-- --}} instead
Or try to remove the recent HTML comment in your code...
Or change the HTML comment to a PHP comment...
Or try to run any wrong artisan command like php artisan clean browser and see if it outputs any HTML-commented data along with its error...
We got it working by copying the routes from Router.php instead of using Auth::routes(), these are the routes you need:
// Authentication Routes...
Route::get('login', 'Auth\LoginController@showLoginForm')->name('login');
Route::post('login', 'Auth\LoginController@login');
Route::post('logout', 'Auth\LoginController@logout')->name('logout');
// Registration Routes...
Route::get('register', 'Auth\RegisterController@showRegistrationForm')->name('register');
Route::post('register', 'Auth\RegisterController@register');
// Password Reset Routes...
Route::get('password/reset', 'Auth\ForgotPasswordController@showLinkRequestForm')->name('password.request');
Route::post('password/email', 'Auth\ForgotPasswordController@sendResetLinkEmail')->name('password.email');
Route::get('password/reset/{token}', 'Auth\ResetPasswordController@showResetForm')->name('password.reset');
Route::post('password/reset', 'Auth\ResetPasswordController@reset');
In my case, I added ob_start(); at the top of my index.php on the server and everything seems to be working fine.
I know this question has been satisfactorily answered, but I wanted to mention a fix that worked in my case. I added {{ csrf_field() }} and it still didn't work.
Then I remembered that I blocked all cookies for development purposes, which can be nice when you change the page and want to refresh it.
Once I changed the settings to stop blocking all cookies in MS Edge browser the problem went away.
Tried different solutions to solve the problem for several weeks without success.
The problem I was facing was caused by upgrading from Laravel 5.0 to 5.5 and forgetting to update config/session.php
If anyone is facing the problem, try to update the config/session.php to match the version of Laravel you are running
My problem was solved by just adding @csrf in the form tag
Laravel 5.6 doesn't support {{ csrf_field() }}; just add @csrf in place of {{ csrf_field() }}
It is very simple. Go into App/Kernel.php and comment out
\App\Http\Middleware\VerifyCsrfToken::class,
If anyone still has this problem, use the following code inside your form as below.
echo '<input type = "hidden" name = "_token" value = "'. csrf_token().'" >';
What does "inside your form" mean? Why do you want to echo something directly and not use a Twig template?
– Nico Haase
May 21 at 11:43
Please show your code!
– Renjith VR
Sep 11 '17 at 6:37