framework: Laravel 5.5 - The page has expired due to inactivity in Google Chrome

I have a form which includes {{ csrf_field() }}

When I submit the form in Firefox (v57.0.4) it works fine, no issues.

When I submit the same form in Chrome (v63.0.3239.132) I keep getting:

The page has expired due to inactivity. Please refresh and try again.

I’ve tried to clear cookies/browser cache and it makes no difference. The issue is related to Chrome only as everything works fine in other browsers such as Firefox and Edge.

In my env file I have the following set:

SESSION_DRIVER=file

What I have noticed is that when I submit the form in Chrome, a new session file seems to be generated each time inside storage\framework\sessions. In fact every time I refresh the page or go to another page a new session file is being generated?

Another thing I’ve noticed is that if I log in to my application in Chrome without selecting the remember me checkbox, everything works fine. But if I log in with the remember me checkbox selected, I get the above behavior. So the issue is something to do with how the remember me token is stored perhaps?

Note: I’m running the application on localhost using WAMP on Windows 10. This issue is only happening in Google Chrome.

Anyone got any tips to fix?

About this issue

  • State: closed
  • Created 6 years ago
  • Reactions: 8
  • Comments: 37 (8 by maintainers)

Most upvoted comments

For my part I get the same problem. In my case I had

public function index()
{
    Session::flush();
    return view('home');
}

Getting rid of my Session resolved my problem.

Check to make sure you do not have another application running with the same APP_NAME value

APP_NAME=xyz-xyz

I had this same problem for over a year when I created subdomains of my company's primary domain. This is the session config for the cookie name, which Chrome is only setting on the primary domain instead of per subdomain:

'cookie' => env( 'SESSION_COOKIE', str_slug(env('APP_NAME', 'laravel'), '_').'_session' ),

By updating the app name, it will alter the cookie name and you should not have this problem anymore.

If you are working on localhost or production, add SESSION_DOMAIN=YOUR_LOCALHOST_DOMAIN to the .env file, then run php artisan config:cache as usual and it will work 💯

Check your session.php to see whether something like this is set to true while you’re accessing the site via HTTP or something.

'secure' => env('SESSION_SECURE_COOKIE', false),

An expired CSRF token causes this. The behavior is expected; it’s just how form submissions with CSRF work. However, the message displayed to the end-user is indeed misleading. It’s been discussed on the repo many times but has never been changed. If you go to any of Laravel’s official sites’ login form, and wait for the session to expire, the same thing happens.

You need to, first, make sure you’re using CSRF with every form, catch the exception, and customize how you handle this. Generally you can just redirect to the login page.

In my case, I got the same error message and then figured out that I had missed adding the CSRF token to the form. With Laravel 5.6 using Blade templates, it’s pretty easy:

<form method="POST" action="/profile">
    @csrf
    ...
</form>

If it doesn’t work, then refresh the browser cache and now it might work.

Verify that your config/session.php file contains this line

'domain' => env('SESSION_DOMAIN', null),

Then remove the SESSION_DOMAIN line in your .env file

As far as I understand the problem stems from CSRF token invalidation due to session expiry.

I found a simple solution for handling this error more or less gracefully.

Use the VerifyCsrfToken::handle() in your application to wrap the parent call to handle in a try-catch block which catches the TokenMismatchException and redirects back with an error message.

You can see a simple example here: VerifyCsrfToken
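The try-catch wrapper described in the comment above, as an added example that is not part of the original thread or the code it links to. It assumes the stock app/Http/Middleware/VerifyCsrfToken.php of a Laravel 5.5 application; the error key and message texts are made up for illustration.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;
use Illuminate\Session\TokenMismatchException;

class VerifyCsrfToken extends Middleware
{
    /**
     * URIs excluded from CSRF verification.
     * Kept empty: the goal is a friendlier failure, not a bypass.
     */
    protected $except = [];

    public function handle($request, Closure $next)
    {
        try {
            // The parent still performs the token comparison unchanged.
            return parent::handle($request, $next);
        } catch (TokenMismatchException $e) {
            // The request was rejected before reaching the controller,
            // so no state-changing action has been performed.

            if ($request->expectsJson()) {
                // 419 is the status Laravel 5.5 uses for the "page has expired" response.
                return response()->json(
                    ['message' => 'Session expired. Reload the page and retry.'],
                    419
                );
            }

            // Send the user back to the form with a fresh token.
            // Never flash the stale token or credentials into the session.
            return redirect()->back()
                ->withInput($request->except('_token', 'password', 'password_confirmation'))
                ->withErrors(['csrf' => 'Your session expired. Please submit the form again.']);
        }
    }
}
```

If the browser is not returning the session cookie at all (the new-session-file-per-request symptom in the original report), the redirected form will fail again, so the cookie settings discussed in the other comments still need to be checked.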

@rmf0938 I was just having the same problem and changing APP_NAME was the solution. Forgot to change from the default of “Laravel”.

Could we have a glimpse at your views? As for the authentication, are you using a custom solution?

I’ve never heard of this before.

Have you tried on another computer? Sounds like Chrome is not allowing sessions on your domain, and so each page load causes a new session to be enabled. It’s likely a config issue with Chrome.

I haven’t heard of this before. Sounds like something in your project.

5.2 is not supported anymore. Try upgrading to 5.5 or 5.6, there have been lots of bug fixes since then