Fix Laravel 419 Page Expired (CSRF Token Mismatch) Error – Beginner Guide (2025)
🔒 Fix “419 Page Expired / CSRF Token Mismatch” in Laravel (2025)
Sometimes when submitting a form in Laravel, you’ll see this error:
419 Page Expired
This happens because Laravel protects forms with CSRF tokens, and the request arrived without a token that matches the one stored in your session. It's a common error and easy to fix. ✅
🔍 Why Does This Error Happen?
Laravel uses CSRF (Cross-Site Request Forgery) tokens to make sure a form request really comes from a page on your site, not from another site submitting it on the user's behalf.
This error usually happens when:
- You forgot to include @csrf in your form.
- Your session expired (short SESSION_LIFETIME).
- You’re submitting requests with AJAX but didn’t send the token.
- Cache or cookie issues in the browser.
🛠 Step-by-Step Fix
✅ 1. Add @csrf in Forms
Whenever you create a form in Blade, always include @csrf:
<form action="{{ route('login') }}" method="POST">
    @csrf
    <input type="email" name="email" placeholder="Email">
    <input type="password" name="password" placeholder="Password">
    <button type="submit">Login</button>
</form>
👉 This generates a hidden input named _token that carries the CSRF token automatically.
✅ 2. Increase Session Lifetime
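If sessions expire too quickly, increase the lifetime in .env:
SESSION_LIFETIME=120
The value is in minutes, so the session stays active for 120 minutes of inactivity. Keep it as short as your users can tolerate, because a longer lifetime also keeps a stolen session cookie valid for longer.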
✅ 3. AJAX Requests – Send CSRF Token
If you’re using JavaScript/AJAX, you must include the CSRF token in headers.
Example with Axios:
// `data` is the payload you want to send
axios.post('/post-data', data, {
    headers: {
        'X-CSRF-TOKEN': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
    }
});
Example with jQuery:
// Applies the header to every later $.ajax / $.post call on the page
$.ajaxSetup({
    headers: {
        'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
    }
});
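An added example (not from the original guide): a fetch wrapper for this step that attaches the token only to state-changing, same-origin requests and reports a 419 as a distinct error. The names csrfHeaders, csrfFetch and the env parameter are hypothetical; it assumes the csrf-token meta tag is present in the page's <head>.

```javascript
// Added example, not Laravel's or the guide's own code. Helper names are hypothetical.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']); // Laravel does not CSRF-check these

// Read the token exposed by <meta name="csrf-token">; null if the tag is missing.
function readCsrfToken(doc) {
  const meta = doc.querySelector('meta[name="csrf-token"]');
  return meta ? meta.getAttribute('content') : null;
}

// Extra headers for one request. The token is attached only to state-changing
// requests aimed at our own origin, so it is never sent to a third-party host.
function csrfHeaders(method, url, doc, pageOrigin) {
  const verb = String(method || 'GET').toUpperCase();
  if (SAFE_METHODS.has(verb)) return {};
  const target = new URL(url, pageOrigin);
  if (target.origin !== new URL(pageOrigin).origin) return {};
  const token = readCsrfToken(doc);
  if (!token) throw new Error('csrf-token meta tag missing: add it to <head>');
  return { 'X-CSRF-TOKEN': token };
}

// fetch() wrapper: sends the session cookie plus the token, and turns a 419
// into a recognisable error so the UI can ask the user to reload the page.
async function csrfFetch(url, options = {}, env = {}) {
  const doc = env.doc || document;              // env.* exist only to allow testing
  const pageOrigin = env.origin || location.origin;
  const fetchImpl = env.fetch || fetch;
  const headers = {
    ...(options.headers || {}),
    ...csrfHeaders(options.method, url, doc, pageOrigin),
  };
  const response = await fetchImpl(url, { credentials: 'same-origin', ...options, headers });
  if (response.status === 419) {
    const err = new Error('Session or CSRF token expired; reload the page for a fresh token');
    err.code = 'CSRF_EXPIRED';
    throw err;
  }
  return response;
}
```

In the browser, call it as csrfFetch('/post-data', { method: 'POST', body: formData }) and catch errors whose code is CSRF_EXPIRED.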
✅ 4. Clear Cache & Cookies
Sometimes stale cookies or cached configuration cause a token mismatch. Clear Laravel's application, config and route caches:
php artisan cache:clear
php artisan config:clear
php artisan route:clear
Also clear browser cookies and try again.
🎯 Pro Tips
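- Always add <meta name="csrf-token" content="{{ csrf_token() }}"> inside your <head> tag if using AJAX.
- If you’re using API routes (routes/api.php), they are not CSRF-checked by default, because they are meant to be stateless and authenticated with tokens rather than the session cookie.
- Check SESSION_DOMAIN in .env if you’re working with subdomains, so the session cookie is actually sent to the subdomain that handles the form.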
✅ Final Words
Laravel 419 Page Expired is usually caused by missing @csrf or expired sessions. By adding @csrf and adjusting session settings, you can fix it in minutes.