Laravel 5 and Internet Explorer : Token Mismatch

4

9

My Laravel 5 website uses CSRF tokens to prevent CSRF attacks. On Chrome and Firefox, everything works fine.

I submitted the site for my client to test and, when he uses Internet Explorer (9/10), he gets "Token mismatch" errors on every page using the token.

I assume it is a cookie/session issue.

After some research, I tried removing the slash in the cookie name ("laravel_session"), and changing the session driver ("file" by default). It didn't help.

I know my client could change his "trust policies" in IE, but it's a public site and this would only be a temporary solution.

Any thoughts on that weird issue?

Accipitrine answered 18/6, 2015 at 6:23 Comment(1)
I work at an organisation where some users browse with IE from 8-11 and I have the same odd issue. I launched a HR application using Laravel 5 and as soon as it launched I checked the log and saw "Token mismatch" errors everywhere! @user534498's answer is a good start and something I hadn't considered but hope there's some more explanation to this issue as I don't even know where to start with finding its root cause. - Dirt
4

I am not sure about your case, but I just encountered the same issue today. Only IE had the problem; FF and Chrome work fine.

I then realized that the time/date on the server was wrong. I set the server to the current date, and everything is working now.

I guess it's because the server sets the cookie expiration according to its own time, and on the client, IE deletes the cookies immediately if the server lags behind. Just my guess.

Hope it can solve your case too. Good luck.

Donatello answered 3/7, 2015 at 3:28 Comment(0)
3

In my case the problem was the server time. I read somewhere that if the server time is older than the client's, IE clears the cookies. Then I noticed that the server time here was 8 hours late. After fixing this, the Token Mismatch error disappeared.

Harmonious answered 5/9, 2016 at 14:40 Comment(1)
This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post. - Ketron
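The two server-time answers above describe a session cookie whose `Expires` date is already in the past on the client's clock. The following is an added example, not code from the original posts: it compares a response's `Date` and `Set-Cookie` headers against the client time, assuming the browser honours only the absolute `Expires` date (as both answers guess for IE) and a 120-minute session lifetime; the header values and the `diagnose` helper are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime


def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, {lowercased attribute: value})."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.partition("=")[0]
    attrs = {}
    for part in rest:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def diagnose(date_header, set_cookie_header, client_now):
    """Compare the cookie lifetime seen via Expires (absolute) and Max-Age (relative)."""
    server_now = parsedate_to_datetime(date_header)
    name, attrs = parse_set_cookie(set_cookie_header)
    report = {
        "cookie": name,
        # Negative skew: the server clock is behind the client clock.
        "server_skew_s": int((server_now - client_now).total_seconds()),
        "expires_ttl_s": None,
        "max_age_ttl_s": None,
    }
    if "expires" in attrs:
        expires = parsedate_to_datetime(attrs["expires"])
        # An Expires-only client measures the absolute date against its own clock.
        report["expires_ttl_s"] = int((expires - client_now).total_seconds())
    if "max-age" in attrs:
        report["max_age_ttl_s"] = int(attrs["max-age"])
    ttl = report["expires_ttl_s"]
    report["dropped_by_expires_only_client"] = ttl is not None and ttl <= 0
    return report


# Constructed sample: server clock 8 hours late, 120-minute session lifetime (assumed).
CLIENT_NOW = datetime(2016, 9, 5, 14, 40, tzinfo=timezone.utc)
LATE_DATE = "Mon, 05 Sep 2016 06:40:00 GMT"
LATE_COOKIE = ("laravel_session=constructed-value; "
               "expires=Mon, 05-Sep-2016 08:40:00 GMT; Max-Age=7200; path=/; httponly")
OK_DATE = "Mon, 05 Sep 2016 14:40:00 GMT"
OK_COOKIE = LATE_COOKIE.replace("08:40:00", "16:40:00")

if __name__ == "__main__":
    print(diagnose(LATE_DATE, LATE_COOKIE, CLIENT_NOW))
    print(diagnose(OK_DATE, OK_COOKIE, CLIENT_NOW))
```

With the late server clock the `Expires` lifetime comes out negative while `Max-Age` still reads 7200 seconds, which would explain why only clients that rely on `Expires` lose the session and hit the token mismatch.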
2

I had the same problem and what fixed it for me was to edit my .htaccess expire settings to:

<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresDefault A0
    ExpiresByType text/html A0
    # Set up caching on media files for 1 year
    <FilesMatch "\.(jpg|png|gif|js|css|ico|woff|woff2|eot|svg|ttf)$">
        ExpiresDefault A31536000
    </FilesMatch>
</IfModule>

Before, my ExpiresDefault was A31536000 and I did not have the ExpiresByType text/html.

Bendicta answered 28/1, 2016 at 14:44 Comment(0)
1

I faced the same issue, and it was due to a P3P error. I faced the issue on Edge (Windows 10).

I did a lot of research, and finally got it fixed.

All you have to do is create a new middleware and update the handle function to:

public function handle($request, Closure $next)
{
    $response = $next($request);
    $response->header('P3P', 'CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"');
    return $response;
}

Explained it in detail at

https://robinz.in/csrf-token-session-error-with-laravel-on-ie-edge/

Pratt answered 7/3, 2016 at 8:57 Comment(1)
Neither for me for some reason - Restrain