Getting 419 page expired error while logging in laravel app - laravel

I am trying to login in my laravel app on live server on local it works fine. but on live server it give 419 page expired error. I tried previouse questions answer on Stackoverflow but nothing working.
I tried to find if there is any file which is not starting from <?php
Also I made sure that #csrf token is passed from login form.
It was working fine suddenly start giving this error

this is because you use "HTTP" protocol.use "HTTPS" instead it it should be fine.

Related

laravel breeze doesn't work in production?

I made my first laravel project using Breeze authentification (laravel 9.2).
Everything is ok in local, I can register and login users.
But unfortunately in production on my server, login form and register form don't work so well !
I made a second laravel project, with only authentification functionnality to check if the problem come from part of my app. But the problem repeats : nice in local, does'nt work in production... I don't understand why.
When I submit my new created user or login with an existing user, the form reloads without performing the action...
I have this 404 error in my network console :
POST https://www.prod-breeze.yannpollet.fr/register [HTTP/2 404 Not Found 411ms]
My route login or register exists of course, created automatically with breeze installation.
I read in some forum that Breeze doesn't support https, but i can't believe it.
Anyone has the same problem or know hot to resolve it ?

Laravel login stuck in loop

I'm having an issue when deploying. When logging into Laravel Nova it just refreshes the login screen over and over again and seems stuck in a loop. whether you enter the wrong or right credentials makes no difference. There are no error messages and reloads the login page.
All working on localhost, and the wrong credentials error message does show up on local if incorrect details entered. Strange issue just generated a server on Forge + DigitalOcean. I don't see what could be the issue.
It's the post form trying to post to http instead of https... if anyone has that issue hope it helped

Unable to get laravel to work with aws application load balancer

I have set up an application load balancer on AWS. I am able to access my site but when I try to log in, I was redirected to a page with the message "The page has expired due to inactivity. Please refresh and try again I try taking out the ALB and the site work normally but when put on ALB then I keep getting the inactivity page.
I am using Laravel 5.5, hosted on ubuntu 16.04
I set my session and cache on database hope it will solve the issues but I still got the same problem.
I tried to turn off VerifyCsrfToken middleware, I wasn't redirected to the inactivity page but it keeps redirecting me back to the login page.
I managed to find a solution to my problem. My APP_KEY was different for all 3 servers, therefore, causing the problem. After changing it to the same APP_KEY in the .env then everything is working fine.
Hope this will help anyone who encounters a similar problem.

Facebook Socialite, Login not working as expected (redirect to website fails) - Laravel 5.6

Facebook Registration works fine and users are redirected to the website but when users try to log-in using their FB account then it does not seem to work, that is, users are not redirected to the website instead loads facebook.com .
I checked the url before facebook asks user to enter fb password and it seems like permission denied is shown as below, but not sure what does that mean?:
callback%3Ferror%3Daccess_denied%26error_code%3D200%26error_description%3DPermissions%2Berror%26error_reason%3Duser_denied
I have added https which I thought could be the cause of error but then so many websites still use fb login successfully even when they don't have SSL (https). Also, SSL (https) does not seem to resolve the issue.
I am not sure how to debug this issue because not sure what is causing this, Laravel Socialite is straight-forward. Other Socialite Login I tried for example: Google+ seems to work just fine.
Any help is appreciated.
If You would like to see any part of the code, let me know in the comment.

CSRF token not found, unless using incognito browser

Something is wrong with how my Spring web app handles CSRF tokens. When I try to login in browser, I get the following error:
There was an unexpected error (type=Forbidden, status=403).
Could not verify the provided CSRF token because your session was not found.
Strangely, the error goes away if I use incognito mode in Chrome or another machine. So I figured maybe I'm stuck with an outdated CSRF cookie, and I deleted the only cookie associated with the login page in Chrome. When I refresh, I can see that the server provided me with a fresh cookie that is different from the original one. How is it possible that the error still persists?
I was able to reproduce the issue on another machine earlier and when I deleted everything in Chrome, it started working. I don't want to delete everything from Chrome on this machine, and also, I would like to understand what caused the issue in the first place.
I can see the following field in both Incognito mode and normal:
<input type="hidden" name="_csrf" value="96dddccc-4425-40b2-9947-462877c94238">
However, when I refresh the page in normal mode, I get a new CSRF value every time, whereas when I refresh the page in incognito mode, I get the same value every time.
I went through all the configs in my Spring app and I haven't configured CSRF tokens anywhere. Spring is doing that inside some black box that I can't access to see what's wrong.

Resources