Laravel 419: CSRF Token Mismatch

Resolve the "Page Expired" error in Laravel.

The 419 "Page Expired" error in Laravel means the CSRF token is invalid or missing. It's a protection against CSRF attacks, but can be frustrating when triggered incorrectly.

Symptoms

  • Page with "419 | Page Expired" message
  • Forms that don't submit
  • Errors after long inactivity
  • Problems only on certain browsers

Common Causes

  • Missing token: The form lacks the @csrf directive or the _token field.
  • Session expired: The user was inactive too long.
  • Bad session config: Incorrect SESSION_DOMAIN or cookie problem.

Diagnostic Steps

  1. Verify @csrf is in the form
  2. Inspect the session cookie (DevTools)
  3. Check SESSION_DRIVER and SESSION_DOMAIN
  4. Test in private browsing

Automate with MoniTao

MoniTao detects recurring 419 errors:

  • HTTP monitoring to detect 4xx errors
  • Content validation to verify pages
  • Error history by endpoint

Best Practices

  • Use @csrf in all forms
  • Refresh the CSRF token via AJAX if needed
  • Configure an appropriate session duration
  • Check SESSION_SECURE_COOKIE for HTTPS

FAQ

Can I disable CSRF protection?

For certain routes (webhooks), yes. Never for user forms.

How do I refresh the token in AJAX?

Expose the token via a meta tag and use it in your AJAX headers.
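
One way to wire this up, as an added example rather than code from the original page: read the token from the meta tag, send it as the X-CSRF-TOKEN header on same-origin requests only, and on a 419 fetch a fresh token and retry once. The /csrf-token route is an assumption (a route your application would have to define), as are the names csrfFetch, readToken and isSameOrigin.

```javascript
// Added example, not from the original page. Assumes the layout renders
//   <meta name="csrf-token" content="{{ csrf_token() }}">
// and that the app defines a same-origin route returning {"token": "..."}.
const REFRESH_URL = '/csrf-token'; // hypothetical route name

const META = 'meta[name="csrf-token"]';

function readToken(doc) {
  const meta = doc.querySelector(META);
  return meta ? meta.getAttribute('content') : null;
}

// The token is attached to same-origin requests only, so it is never
// disclosed to a third-party host.
function isSameOrigin(url, pageOrigin) {
  return new URL(url, pageOrigin).origin === pageOrigin;
}

// env = { doc, fetchFn, origin }; injected so the logic can be tested offline.
async function csrfFetch(url, options, env) {
  const { doc, fetchFn, origin } = env;
  const sameOrigin = isSameOrigin(url, origin);
  const send = () => {
    const headers = { ...(options.headers || {}) };
    const token = readToken(doc);
    if (token && sameOrigin) headers['X-CSRF-TOKEN'] = token;
    return fetchFn(url, { ...options, headers, credentials: 'same-origin' });
  };
  const first = await send();
  if (first.status !== 419 || !sameOrigin) return first;
  // 419: the session and its token expired. Get a fresh token, retry once.
  const meta = doc.querySelector(META);
  const fresh = await fetchFn(REFRESH_URL, { credentials: 'same-origin' });
  if (!meta || !fresh.ok) return first;
  const { token } = await fresh.json();
  meta.setAttribute('content', token);
  return send();
}

// Browser usage:
//   csrfFetch('/profile', { method: 'POST', body: new FormData(form) },
//             { doc: document, fetchFn: (u, o) => fetch(u, o), origin: location.origin });
```

After an expired session the retry runs under a new, unauthenticated session, so a route behind authentication will still be refused; handle that response by sending the user to log in.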

Why does it work locally but not in production?

Check SESSION_DOMAIN, SESSION_SECURE_COOKIE and cookie configuration.

Can MoniTao test forms?

MoniTao monitors pages, not interactions. For forms, use E2E tests.
