What causes the CSRF token mismatch error in Laravel?

The CSRF token mismatch error is commonly caused by: Token expired due to session timeout, Multiple browser tabs with different tokens, Token not sent with AJAX request.

Which Laravel versions does this affect?

This error can occur in Laravel versions 8, 9, 10, 11, 12.

Security Laravel 8 Laravel 9 Laravel 10 Laravel 11 Laravel 12

CSRF Token Mismatch Error in Laravel - Complete Fix

The CSRF token mismatch error occurs when the token submitted with a request doesn't match the one stored in the session.

The Error

Error Message

CSRF token mismatch

Common Causes

1 Token expired due to session timeout
2 Multiple browser tabs with different tokens
3 Token not sent with AJAX request
4 Session driver misconfiguration
5 Load balancer not sharing sessions

Solutions

Ensure CSRF token is in all forms

Blade

<form method="POST">
    @csrf
    <!-- or -->
    <input type="hidden" name="_token" value="{{ csrf_token() }}">
</form>

Configure Axios to send CSRF token

JavaScript

axios.defaults.headers.common['X-CSRF-TOKEN'] = document.querySelector('meta[name="csrf-token"]').getAttribute('content');

Check session configuration

PHP

// config/session.php
'lifetime' => 120,
'expire_on_close' => false,
'same_site' => 'lax',

Need Help With Your Laravel Project?

I specialize in building custom Laravel applications, process automation, and SaaS development. Whether you need to eliminate repetitive tasks or build something from scratch, let's discuss your project.

Schedule Free Consultation View My Work

Currently available for 2-3 new projects

About Hafiz

Senior Full-Stack Developer with 9+ years building web apps and SaaS platforms. I build web applications with Laravel and Vue.js, and automate business processes. Creator of ReplyGenius, StudyLab, and other SaaS products.

View Portfolio

Related Errors

Security

419 Page Expired Error in Laravel - CSRF Token Fix

419 Page Expired