I have spent nearly 2 days trying to solve this CSRF Token Mismatch issue.
I have an app running on Laravel 4.2 and it has no issues with Ajax calls. I have migrated the site to Laravel 6 but I am having issues with Ajax calls. I checked the site source code and it has _token, and so does the Ajax request (X-CSRF-Token) in the request header. Both of them match.
    $.ajaxSetup({
        headers: {
            'X-CSRF-Token': $('meta[name="_token"]').attr('content')
        }
    });
I have set up the Ajax header to add the token to each Ajax call.
When inspecting the problem in the VerifyCsrfToken.php middleware, I noticed that the two tokens that are compared did not match.
    return is_string($request->session()->token()) &&
        is_string($token) &&
        hash_equals($request->session()->token(), $token);
I checked the session files in the storage and noticed that there were multiple session files created, but each of them had a different token value. However, in the 4.2 code, all the tokens in the session files were the same.
I do not have much knowledge of how these session files work.
I am wondering whether each request's session should store a different token? Am I not storing the cookie correctly, or is there something different between version 4.2 and version 6?
Any help is much appreciated.
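As an added illustration (not code from the question or from Laravel itself), the following plain PHP script models the comparison done by VerifyCsrfToken and shows why the two tokens differ when the browser does not send the session cookie back: every request then starts a fresh session with its own token, which is exactly the pattern of many session files with different tokens described above. The session store, `resolveSession` and `tokensMatch` are assumed, simplified stand-ins for the framework's session driver and middleware.

```php
<?php
// Constructed model of Laravel's CSRF check; the X-XSRF-TOKEN cookie path is omitted.
declare(strict_types=1);

// Server-side session store keyed by session id (stands in for storage/framework/sessions).
$store = [];

// Resolve the session for a request: reuse it if the cookie names a known session id,
// otherwise start a new session with a freshly generated CSRF token (a new "file").
function resolveSession(array &$store, ?string $cookieId): array
{
    if ($cookieId !== null && isset($store[$cookieId])) {
        return [$cookieId, $store[$cookieId]];
    }
    $id = bin2hex(random_bytes(20));
    $store[$id] = ['_token' => bin2hex(random_bytes(20))];
    return [$id, $store[$id]];
}

// Mirrors VerifyCsrfToken::tokensMatch(): the request token comes from the _token
// input or the X-CSRF-TOKEN header and is compared to the session token in constant time.
function tokensMatch(array $session, array $input, array $headers): bool
{
    $token = $input['_token'] ?? $headers['X-CSRF-TOKEN'] ?? null;
    return is_string($session['_token'])
        && is_string($token)
        && hash_equals($session['_token'], $token);
}

// Request 1: GET the page. No cookie yet, so a session is created and its token
// is what ends up in <meta name="_token">.
[$sid, $session] = resolveSession($store, null);
$metaToken = $session['_token'];

// Request 2a: the Ajax POST sends the meta token AND the session cookie -> same session, match.
[, $sameSession] = resolveSession($store, $sid);
echo 'cookie returned:     ',
    tokensMatch($sameSession, [], ['X-CSRF-TOKEN' => $metaToken]) ? 'match' : 'MISMATCH', PHP_EOL;

// Request 2b: same meta token, but the browser never stored or sent the session cookie
// (wrong cookie domain/secure flag, cookie blocked, etc.). A second session with a
// different token is created, so the comparison fails.
[, $freshSession] = resolveSession($store, null);
echo 'cookie not returned: ',
    tokensMatch($freshSession, [], ['X-CSRF-TOKEN' => $metaToken]) ? 'match' : 'MISMATCH', PHP_EOL;
echo 'session files on disk: ', count($store), PHP_EOL;
```

When the second case is what you observe, the thing to verify is the session cookie itself (that it is set on the GET response and sent back on the POST) rather than the token values.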