laravel 5.5 The page has expired due to inactivity. Please refresh and try again


Php Problem Overview

I'm new with Laravel and I have a problem which I don't understand. I have а log form in my project and my method is POST. When I try a request the result is:

> 'The page has expired due to inactivity. Please refresh and try > again.'

But if I change the method to GET, It works fine.

Can someone tell me why is that and how to fix it? because of course I need POST method.

Php Solutions

Solution 1 - Php

This problem comes from the CSRF token verification which fails. So either you're not posting one or you're posting an incorrect one.

The reason it works for GET is that for a GET route in Laravel, there is no CSRF token posted.

You can either post a CSRF token in your form by calling:

{{ csrf_field() }}

Or exclude your route (NOT RECOMMENDED DUE TO SECURITY) in app/Http/Middleware/VerifyCsrfToken.php:

protected $except = [

Solution 2 - Php

In my case, I've got the same error message and then figured out that I've missed to add csrf_token for the form field. Then add the csrf_token.

Using form helper that will be,

{{ csrf_field() }}

Or without form helper that will be,

<input type="hidden" name="_token" value="{{ csrf_token() }}">

If that doesn't work, then-

Refresh the browser cache

and now it might work, thanks.

Update For Laravel 5.6

Laravel integrates new @csrf instead of {{ csrf_field() }}. That looks more nice now.

<form action="">

Solution 3 - Php

Anytime you define an HTML form in your application, you should include a hidden CSRF token field in the form so that the CSRF protection middleware can validate the request. You may use the csrf_field helper to generate the token field:

<form method="POST" action="/profile">
    {{ csrf_field() }}

It doesn't work, then Refresh the browser cache and now it might work,

For more details open link :- CSRF Protection in Laravel 5.5


With Laravel 5.6 using Blades templates, it's pretty easy.

<form method="POST" action="/profile">

For more details open link :- CSRF Protection in Laravel 5.6

Solution 4 - Php

Verify that your config/session.php file contains this line

'domain' => env('SESSION_DOMAIN', null),

Then remove the SESSION_DOMAIN line in your .env file

Solution 5 - Php

In my case , I added ob_start(); at the top of my index.php on server and everything seems to be working fine.

Solution 6 - Php

i had same problem. use 'clear browsing data' in chrome. maybe solve your problem.

Solution 7 - Php

This happens because you are using the default CSRV middleware from Laravel's installation. To solve, remove this line from your Kernel.php:


This is fine if you are build an API. However, if you are building a website this is a security verification, so be aware of its risks.

Solution 8 - Php

Tried different solutions to solve the problem for several weeks without success.

The problem I was facing was caused by upgrading from laravel 5.0 to 5.5 and forgot to update config/session.php

If anyone is facing the problem, try to update the config/session.php to match the version on Laravel you are running

Solution 9 - Php

I had the same problem, I have tried many solutions. but none worked for me. then I found out that for some reason I was using this in my .env file:


and as soon as I put it back to null, everything worked just fine.

Solution 10 - Php

Excluding URIs From CSRF Protection:

Sometimes you may wish to exclude a set of URIs from CSRF protection. For example, if you are using Stripe to process payments and are utilizing their webhook system, you will need to exclude your Stripe webhook handler route from CSRF protection since Stripe will not know what CSRF token to send to your routes.

Typically, you should place these kinds of routes outside of the web middleware group that the RouteServiceProvider applies to all routes in the routes/web.php file. However, you may also exclude the routes by adding their URIs to the $except property of the VerifyCsrfToken middleware:


namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;

class VerifyCsrfToken extends Middleware
     * The URIs that should be excluded from CSRF verification.
     * @var array
    protected $except = [

Solution 11 - Php

if your config is set: SESSION_DRIVER=file you have to check if your session directory is writable. Check storage/framework/session

Solution 12 - Php

Place {{csrf_field()}} Into your form tag

enter image description here

Solution 13 - Php

If you have already included the CSRF token in your form. Then you are getting the error page possibly because of cache data in your form.

Open your terminal/command prompt and run these commands in your project root.

  1. php artisan cache:clear

  2. php artisan config:clear

  3. php artisan route:clear

  4. php artisan view:clear,

Also try to clear the browser cache along with running these commands.

Solution 14 - Php

First, include csrf in your form.

{{ csrf_field() }}

if the problem didn't solve, then use ob_start(); at the very start of index.php.

<?php ob_start();

Solution 15 - Php

In my case, there was 'space' before <?php in one of my config file. This solved my issue.

Solution 16 - Php

Just place this code inside the form

<input type = "hidden" name = "_token" value = "<?php echo csrf_token() ?>" />

Solution 17 - Php

I was facing the same error so i just removed this line from my .env file

Solution 18 - Php

Still anyone have this problem, use following code inside your form as below.

 echo '<input type = "hidden" name = "_token" value = "'. csrf_token().'" >';

Solution 19 - Php

Just add @csrf inside your form tag.

Or you can include csrf_token in the header to send it with every request.

Solution 20 - Php

if you need to change form action with Javascript you will have the same problem

1.first you need to use

instead of {!!Form::open() !!} {!! close() !!} in laravel
2.second you most begin your action with +your Route

Do not Forget www in your url!!!

Solution 21 - Php

In my case the same problem was caused because I forgot to add > at the end of my hidden input field, like so: <input type="hidden" name="_token" value="{{ Session::token() }}"

So, I fixed it by adding it:

<input type="hidden" name="_token" value="{{ Session::token() }}">

Solution 22 - Php

It's Funny but it works for me. i realised this is Caused because of default HTML TAG in laravel code. Use /* */ or {{-- --}} instead

Or Try to Remove Recently Html Coment in you code... Or change Html Comment to Php Comment... Or try to run Any Worng artisan command like php artisan clean browser And See if it output any HTML Commented data along with it error...

Solution 23 - Php

We got it working by copying the routes from Router.php instead of using Auth::routes(), these are the routes you need:

Route::get('login', 'Auth\LoginController@showLoginForm')->name('login');
Route::post('login', 'Auth\LoginController@login');
Route::post('logout', 'Auth\LoginController@logout')->name('logout');

// Registration Routes...
Route::get('register', 'Auth\RegisterController@showRegistrationForm')->name('register');
Route::post('register', 'Auth\RegisterController@register');

// Password Reset Routes...
Route::get('password/reset', 'Auth\ForgotPasswordController@showLinkRequestForm')->name('password.request');
Route::post('password/email', 'Auth\ForgotPasswordController@sendResetLinkEmail')->name('');
Route::get('password/reset/{token}', 'Auth\ResetPasswordController@showResetForm')->name('password.reset');
Route::post('password/reset', 'Auth\ResetPasswordController@reset');

Solution 24 - Php

I know this question has been satisfactorily answered, but I wanted to mention a fix that worked in my case. I added {{ csrf_field() }} and it still didn't work.

Then I remembered that I blocked all cookies for development purposes, which can be nice when you change the page and want to refresh it.

Once I changed the settings to stop blocking all cookies in MS Edge browser the problem went away.

Solution 25 - Php

my problem solved by just adding @csrf in form tag

Laravel 5.6 doesn't support {{ csrf_field() }} just add @csrf in place of {{ csrf_field() }}


Solution 26 - Php

  1. It may be csrf token do not have in your form. You have to use @crsf or {{ csrf_field() }}

  2. If you are use csrf on your form. It may be cache. Clear your app cache.

    php artisan cache:clear
    php artisan view:clear
    php artisan cache:clear

    And clear your browser cache.

  3. If errors again show you, then create a new key

    php artisan key:generate

Solution 27 - Php

If anyone still looking for an answer to this issue. For me it happens when I'm switching between local and production server and I'm logged on both sites. To fix the issue, just clear the session.

just set the 'expire_on_close' => true in config\session.php and restart your browser

Solution 28 - Php

I recently went through this problem, tried all the solutions proposed here (and the internet) without success for 5 days.

In my case my environment:

Laravel: 5.5

PHP: 7.2

SSL: production



The problem is that I had automated the deployment using the git --bare repository with ansimble.

And all folders when pushing were with permission 0775 (inherited from the git user). When ansinble was run it replicated this permission to all folders. When composing install for example, all vendor folders also had this permission.

The csrf, has a policy of blocking what is considered insecure, especially if you use an encrypted environment (SSL).

I only realized the problem when I decided to carry out the deployment manually, zipped the project, uploaded it, unzipped it and ran the commands to generate the caches and dependencies. And then I realized that this way all folders were with permission 0755 (inherited from the system user). And this is the default permission that is considered safe.

Solution 29 - Php

In my case, it seems to be an issue in my web browser (Firefox for Android) or my smartphone with full storage. In another browsers and devices it works. By the way, the issue happens only when I send files through the form, I realized I currently can't upload files from my smartphone through this browser in any websites like

Solution 30 - Php

Go into App/Kernel.php and comment \App\Http\Middleware\VerifyCsrfToken::class.


All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content TypeOriginal AuthorOriginal Content on Stackoverflow
QuestionSvetlozarView Question on Stackoverflow
Solution 1 - PhpErik BaarsView Answer on Stackoverflow
Solution 2 - PhpManiruzzaman AkashView Answer on Stackoverflow
Solution 3 - PhpUdhav SarvaiyaView Answer on Stackoverflow
Solution 4 - PhpYoussouf CherifView Answer on Stackoverflow
Solution 5 - PhpAyan MohammadView Answer on Stackoverflow
Solution 6 - PhpSayed Mohammad Amin EmraniView Answer on Stackoverflow
Solution 7 - PhpJosé Ricardo JúniorView Answer on Stackoverflow
Solution 8 - PhpRayton KiweluView Answer on Stackoverflow
Solution 9 - PhpAhmed MarzoukView Answer on Stackoverflow
Solution 10 - PhpKamleshView Answer on Stackoverflow
Solution 11 - PhpPawel KolodziejukView Answer on Stackoverflow
Solution 12 - PhpWael AssafView Answer on Stackoverflow
Solution 13 - PhpAneeqa ChowdhuryView Answer on Stackoverflow
Solution 14 - PhpAbid ShahView Answer on Stackoverflow
Solution 15 - PhpAkshay BhosaleView Answer on Stackoverflow
Solution 16 - PhpManu JosephView Answer on Stackoverflow
Solution 17 - PhpAkash SethiView Answer on Stackoverflow
Solution 18 - PhpSineth LakshithaView Answer on Stackoverflow
Solution 19 - PhpShazView Answer on Stackoverflow
Solution 20 - PhpMohammad KhanView Answer on Stackoverflow
Solution 21 - PhpKaloyan DrenskiView Answer on Stackoverflow
Solution 22 - Phpsamtax01View Answer on Stackoverflow
Solution 23 - PhpMiguel StevensView Answer on Stackoverflow
Solution 24 - Phpghostcoder23xView Answer on Stackoverflow
Solution 25 - PhpmysticmeeloneView Answer on Stackoverflow
Solution 26 - PhpTuran ZamanlıView Answer on Stackoverflow
Solution 27 - Phpuser1917451View Answer on Stackoverflow
Solution 28 - PhpFilipe DamascenoView Answer on Stackoverflow
Solution 29 - PhpcawecoyView Answer on Stackoverflow
Solution 30 - PhpAarifView Answer on Stackoverflow