1

I searched over the internet for solve this issue. All I saw are other types of error. I use CSRF, my cache isn't the problem and my files had the correct permissions.

The login page is out of the "web" middleware because I don't want to be affected the session timeout on it. I don't know how but if I let the session ends, I mean the timeout, I get the next error message when I try to login in my project

The page has expired due to inactivity. Please refresh and try again.

Just for clarify, if I login before the timeout expire all works fine

In my routes/web.php I have:

Route::get('/', 'LoginController@index')->name('index');
Route::middleware(['web'])->group(function () {
// More routes
}

In my Kernel.php

protected $middlewareGroups = [
    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        // \Illuminate\Session\Middleware\AuthenticateSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
    ],

    'api' => [
        'throttle:60,1',
        'bindings',
    ],
];

Looks like RouteServiceProvider at App/Providers is generating the error. The following function make all the routes use the web middleware:

protected function mapWebRoutes()
{
    Route::middleware('web')
         ->namespace($this->namespace)
         ->group(base_path('routes/web.php'));
}

I found that some people make differents functions on this file for differents controllers. I mean, probably make a new middleware and move this route to a new controller could be an option. Unfortunately, I don't found how create a middleware without be affected by a session timeout.

Hector
  • 65
  • 1
  • 1
  • 8
  • I found a "bad solution", reload after session expire. It isn't what I was looking for someone have a better solution for this? – Hector Dec 23 '19 at 17:22
  • you probably didnt post the csrf token – delboy1978uk Jan 07 '20 at 11:24
  • 1
    Laravel, by default, set `web` middleware for everything on file `routes/web.php` via `RouteServiceProvider` at App/Providers. Have you made any changes there to remove middleware setting? If not, you must provide `csrf` token while submitting the login form. – Pusparaj Jan 07 '20 at 11:37
  • @delboy1978uk I have the csrf token on the login form – Hector Jan 07 '20 at 11:55
  • @Pusparaj I'm seeing what you tell. Looks like it comes from this file. – Hector Jan 07 '20 at 11:58
  • How are you implementing CSRF for the login form? Insite `
    ` section in your login page, add CSRF blade directive `@csrf` and that should work, for any kind of HTTP forms. If you are submitting login credentials via JS/AJAX/Axios or anything similar, you have to set `X-CSRF-TOKEN` header with the request.     – Pusparaj Jan 07 '20 at 13:51
  • That is not my problem, I'm using CSRF inside my form. Thanks anyway – Hector Jan 07 '20 at 14:11
  • Does this answer your question? [laravel 5.5 The page has expired due to inactivity. Please refresh and try again](https://stackoverflow.com/questions/46149561/laravel-5-5-the-page-has-expired-due-to-inactivity-please-refresh-and-try-again) – Amit Sharma Jan 10 '20 at 09:44
  • No, it isn't the problem @AmitSharma I use CSRF like I said, I have this error message if the session expire but I want to don't have session on my login. Thanks anyway – Hector Jan 10 '20 at 13:58
  • Then you can increase this time in the app/config.php – Amit Sharma Jan 10 '20 at 14:44
  • Increase the time is not what I'm looking for, because I can set 1 hour but an user could stay with the login page opened 4 and when he try to access the system will display this message, unless I refresh it or I find how avoid that session expiration on login page. – Hector Jan 17 '20 at 10:34

1 Answers1

0

try the following steps 

php artisan cache:clear
php artisan config:clear
php artisan route:clear
php artisan view:clear
php artisan config:cache

And in controller constructor try to flush the session because this csrf_token is stored in the session per user.

public function __construct()
{
    Session::flush();
}

Session::regenerateToken(); // Which generates a new token on request.
Amit Sharma
  • 1,775
  • 3
  • 11
  • 20