Fix Laravel 419 Page Expired (CSRF Token Mismatch) Error – Beginner Guide (2025)
🔒 Fix “419 Page Expired / CSRF Token Mismatch” in Laravel (2025)

Sometimes when submitting a form in Laravel, you’ll see this error:

    419 Page Expired

This happens because Laravel protects forms with CSRF tokens. Don’t worry — it’s common, and easy to fix. ✅

🔍 Why Does This Error Happen?

Laravel uses CSRF (Cross-Site Request Forgery) tokens to make sure a form request really comes from your own site, not from a page on another site. This error usually happens when:

- You forgot to include @csrf in your form.
- Your session expired (short SESSION_LIFETIME).
- You’re submitting requests with AJAX but didn’t send the token.
- Cache or cookie issues in the browser.

🛠 Step-by-Step Fix

✅ 1. Add @csrf in Forms

Whenever you create a form in Blade, always include @csrf:
    @csrf
👉 This generates a hidden CSRF token input automatically.

✅ 2. Increase Session Lifetime

If sessions expire too quickly, increase the lifetime in .env:

    SESSION_LIFETIME=120

That means the session will stay active for 120 minutes.

✅ 3. AJAX Requests – Send CSRF Token

If you’re using JavaScript/AJAX, you must include the CSRF token in the request headers.

Example with Axios:

    // Read the token from the csrf-token meta tag and send it with this request
    axios.post('/post-data', data, {
        headers: {
            'X-CSRF-TOKEN': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
        }
    });

Example with jQuery:

    // Send the token with every jQuery AJAX request made after this call
    $.ajaxSetup({
        headers: {
            'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
        }
    });

✅ 4. Clear Cache & Cookies

Sometimes old cookies cause a token mismatch. Run:

    php artisan cache:clear
    php artisan config:clear
    php artisan route:clear

Also clear browser cookies and try again.

🎯 Pro Tips

- Always add inside your tag if using AJAX.
- If you’re using API routes (routes/api.php), they don’t need CSRF by default.
- Check SESSION_DOMAIN in .env if you’re working with subdomains.

✅ Final Words

Laravel 419 Page Expired is usually caused by a missing @csrf or an expired session. By adding @csrf and adjusting session settings, you can fix it in minutes.
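The AJAX step above, as an added example that is not part of the original post: a fetch() wrapper that attaches X-CSRF-TOKEN only to state-changing, same-origin requests and reports a 419 explicitly instead of failing silently. The function names csrfHeadersFor and csrfFetch are hypothetical; the meta tag name is the one the Axios and jQuery snippets read.

```javascript
// Added example, not from the original post. Function names are hypothetical.
// Laravel skips CSRF verification for read-only verbs (GET, HEAD, OPTIONS).
const READ_ONLY = new Set(['GET', 'HEAD', 'OPTIONS']);

// Return the CSRF header for one request, or {} when it must not be sent.
// token: content of <meta name="csrf-token">; pageOrigin: e.g. location.origin
function csrfHeadersFor(method, url, token, pageOrigin) {
  const verb = String(method || 'GET').toUpperCase();
  if (READ_ONLY.has(verb)) return {};
  // Resolve relative URLs against the page, then compare origins so the
  // token is never attached to a request leaving for another site.
  const target = new URL(url, pageOrigin);
  if (target.origin !== new URL(pageOrigin).origin) return {};
  if (!token) throw new Error('csrf-token meta tag is missing or empty');
  return { 'X-CSRF-TOKEN': token };
}

// Browser wrapper around fetch(). The token is read at call time, not at
// page load, so a value refreshed in the meta tag is picked up.
async function csrfFetch(url, options = {}) {
  const meta = document.querySelector('meta[name="csrf-token"]');
  const token = meta ? meta.getAttribute('content') : '';
  const headers = {
    Accept: 'application/json',
    ...options.headers,
    ...csrfHeadersFor(options.method, url, token, location.origin),
  };
  const res = await fetch(url, { credentials: 'same-origin', ...options, headers });
  if (res.status === 419) {
    // Session or token expired: surface it instead of silently retrying.
    throw new Error('419: session expired, reload the page to get a new token');
  }
  return res;
}
```

Unlike a global $.ajaxSetup header, this keeps the token out of requests to other origins, including protocol-relative URLs such as //other.example/x.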