Token Mismatch on logon #2826

Closed
Louuu opened this issue Oct 27, 2016 · 20 comments
Labels
❓ not sure if bug This issue has not been confirmed as a bug yet

Comments

@Louuu

Louuu commented Oct 27, 2016

Expected Behavior (or desired behavior if a feature request)

Type correct username and password, login and see the Snipe Dashboard


Actual Behavior

You are redirected to the logon screen.

This has been replicated on multiple computers running Google Chrome 54.0.2840.71, however the site functions correctly in Internet Explorer - haven't tried another browser.

The session file created reports "Your form session has expired. Please try again."


Please confirm you have done the following before posting your bug report:


Please provide answers to these questions before posting your bug report:

  • Version of Snipe-IT you're running
    3.4.0.9
  • What OS and web server you're running Snipe-IT on
    Windows Server 2012 and IIS
  • What method you used to install Snipe-IT (install.sh, manual installation, docker, etc)
    Manual installation
  • If you're getting an error in your browser, include that error
    N/A
  • What specific Snipe-IT page you're on, and what specific element you're interacting with to trigger the error
    /login
  • If a stacktrace is provided in the error, include that too.
[2016-10-27 08:49:26] production.ERROR: exception 'Illuminate\Session\TokenMismatchException' in C:\inetpub\wwwroot\snipe\bootstrap\cache\compiled.php:3227
Stack trace:
#0 [internal function]: Illuminate\Foundation\Http\Middleware\VerifyCsrfToken->handle(Object(Illuminate\Http\Request), Object(Closure))
#1 C:\inetpub\wwwroot\snipe\bootstrap\cache\compiled.php(9963): call_user_func_array(Array, Array)
#2 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}(Object(Illuminate\Http\Request))
#3 C:\inetpub\wwwroot\snipe\vendor\laravel\framework\src\Illuminate\Routing\Pipeline.php(32): call_user_func(Object(Closure), Object(Illuminate\Http\Request))
#4 C:\inetpub\wwwroot\snipe\bootstrap\cache\compiled.php(13213): Illuminate\Routing\Pipeline->Illuminate\Routing{closure}(Object(Illuminate\Http\Request))
#5 [internal function]: Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse->handle(Object(Illuminate\Http\Request), Object(Closure))
#6 C:\inetpub\wwwroot\snipe\bootstrap\cache\compiled.php(9963): call_user_func_array(Array, Array)
#7 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}(Object(Illuminate\Http\Request))
#8 C:\inetpub\wwwroot\snipe\vendor\laravel\framework\src\Illuminate\Routing\Pipeline.php(32): call_user_func(Object(Closure), Object(Illuminate\Http\Request))
#9 C:\inetpub\wwwroot\snipe\bootstrap\cache\compiled.php(13150): Illuminate\Routing\Pipeline->Illuminate\Routing{closure}(Object(Illuminate\Http\Request))
#10 [internal function]: Illuminate\Cookie\Middleware\EncryptCookies->handle(Object(Illuminate\Http\Request), Object(Closure))
#11 C:\inetpub\wwwroot\snipe\bootstrap\cache\compiled.php(9963): call_user_func_array(Array, Array)
#12 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}(Object(Illuminate\Http\Request))
#13 C:\inetpub\wwwroot\snipe\vendor\laravel\framework\src\Illuminate\Routing\Pipeline.php(32): call_user_func(Object(Closure), Object(Illuminate\Http\Request))
#14 [internal function]: Illuminate\Routing\Pipeline->Illuminate\Routing{closure}(Object(Illuminate\Http\Request))
#15 C:\inetpub\wwwroot\snipe\bootstrap\cache\compiled.php(9948): call_user_func(Object(Closure), Object(Illuminate\Http\Request))
#16 C:\inetpub\wwwroot\snipe\bootstrap\cache\compiled.php(8226): Illuminate\Pipeline\Pipeline->then(Object(Closure))
#17 C:\inetpub\wwwroot\snipe\bootstrap\cache\compiled.php(8217): Illuminate\Routing\Router->runRouteWithinStack(Object(Illuminate\Routing\Route), Object(Illuminate\Http\Request))
#18 C:\inetpub\wwwroot\snipe\bootstrap\cache\compiled.php(8207): Illuminate\Routing\Router->dispatchToRoute(Object(Illuminate\Http\Request))
#19 C:\inetpub\wwwroot\snipe\bootstrap\cache\compiled.php(2419): Illuminate\Routing\Router->dispatch(Object(Illuminate\Http\Request))
#20 [internal function]: Illuminate\Foundation\Http\Kernel->Illuminate\Foundation\Http{closure}(Object(Illuminate\Http\Request))
#21 C:\inetpub\wwwroot\snipe\vendor\laravel\framework\src\Illuminate\Routing\Pipeline.php(52): call_user_func(Object(Closure), Object(Illuminate\Http\Request))
#22 C:\inetpub\wwwroot\snipe\vendor\fideloper\proxy\src\TrustProxies.php(46): Illuminate\Routing\Pipeline->Illuminate\Routing{closure}(Object(Illuminate\Http\Request))
#23 [internal function]: Fideloper\Proxy\TrustProxies->handle(Object(Illuminate\Http\Request), Object(Closure))
#24 C:\inetpub\wwwroot\snipe\bootstrap\cache\compiled.php(9963): call_user_func_array(Array, Array)
#25 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}(Object(Illuminate\Http\Request))
#26 C:\inetpub\wwwroot\snipe\vendor\laravel\framework\src\Illuminate\Routing\Pipeline.php(32): call_user_func(Object(Closure), Object(Illuminate\Http\Request))
#27 C:\inetpub\wwwroot\snipe\app\Http\Middleware\CheckForSetup.php(22): Illuminate\Routing\Pipeline->Illuminate\Routing{closure}(Object(Illuminate\Http\Request))
#28 [internal function]: App\Http\Middleware\CheckForSetup->handle(Object(Illuminate\Http\Request), Object(Closure))
#29 C:\inetpub\wwwroot\snipe\bootstrap\cache\compiled.php(9963): call_user_func_array(Array, Array)
#30 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}(Object(Illuminate\Http\Request))
#31 C:\inetpub\wwwroot\snipe\vendor\laravel\framework\src\Illuminate\Routing\Pipeline.php(32): call_user_func(Object(Closure), Object(Illuminate\Http\Request))
#32 C:\inetpub\wwwroot\snipe\app\Http\Middleware\NosniffGuard.php(17): Illuminate\Routing\Pipeline->Illuminate\Routing{closure}(Object(Illuminate\Http\Request))
#33 [internal function]: App\Http\Middleware\NosniffGuard->handle(Object(Illuminate\Http\Request), Object(Closure))
#34 C:\inetpub\wwwroot\snipe\bootstrap\cache\compiled.php(9963): call_user_func_array(Array, Array)
#35 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}(Object(Illuminate\Http\Request))
#36 C:\inetpub\wwwroot\snipe\vendor\laravel\framework\src\Illuminate\Routing\Pipeline.php(32): call_user_func(Object(Closure), Object(Illuminate\Http\Request))
#37 C:\inetpub\wwwroot\snipe\app\Http\Middleware\XssProtectHeader.php(17): Illuminate\Routing\Pipeline->Illuminate\Routing{closure}(Object(Illuminate\Http\Request))
#38 [internal function]: App\Http\Middleware\XssProtectHeader->handle(Object(Illuminate\Http\Request), Object(Closure))
#39 C:\inetpub\wwwroot\snipe\bootstrap\cache\compiled.php(9963): call_user_func_array(Array, Array)
#40 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}(Object(Illuminate\Http\Request))
#41 C:\inetpub\wwwroot\snipe\vendor\laravel\framework\src\Illuminate\Routing\Pipeline.php(32): call_user_func(Object(Closure), Object(Illuminate\Http\Request))
#42 C:\inetpub\wwwroot\snipe\app\Http\Middleware\FrameGuard.php(17): Illuminate\Routing\Pipeline->Illuminate\Routing{closure}(Object(Illuminate\Http\Request))
#43 [internal function]: App\Http\Middleware\FrameGuard->handle(Object(Illuminate\Http\Request), Object(Closure))
#44 C:\inetpub\wwwroot\snipe\bootstrap\cache\compiled.php(9963): call_user_func_array(Array, Array)
#45 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}(Object(Illuminate\Http\Request))
#46 C:\inetpub\wwwroot\snipe\vendor\laravel\framework\src\Illuminate\Routing\Pipeline.php(32): call_user_func(Object(Closure), Object(Illuminate\Http\Request))
#47 C:\inetpub\wwwroot\snipe\bootstrap\cache\compiled.php(13474): Illuminate\Routing\Pipeline->Illuminate\Routing{closure}(Object(Illuminate\Http\Request))
#48 [internal function]: Illuminate\View\Middleware\ShareErrorsFromSession->handle(Object(Illuminate\Http\Request), Object(Closure))
#49 C:\inetpub\wwwroot\snipe\bootstrap\cache\compiled.php(9963): call_user_func_array(Array, Array)
#50 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}(Object(Illuminate\Http\Request))
#51 C:\inetpub\wwwroot\snipe\vendor\laravel\framework\src\Illuminate\Routing\Pipeline.php(32): call_user_func(Object(Closure), Object(Illuminate\Http\Request))
#52 C:\inetpub\wwwroot\snipe\bootstrap\cache\compiled.php(11964): Illuminate\Routing\Pipeline->Illuminate\Routing{closure}(Object(Illuminate\Http\Request))
#53 [internal function]: Illuminate\Session\Middleware\StartSession->handle(Object(Illuminate\Http\Request), Object(Closure))
#54 C:\inetpub\wwwroot\snipe\bootstrap\cache\compiled.php(9963): call_user_func_array(Array, Array)
#55 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}(Object(Illuminate\Http\Request))
#56 C:\inetpub\wwwroot\snipe\vendor\laravel\framework\src\Illuminate\Routing\Pipeline.php(32): call_user_func(Object(Closure), Object(Illuminate\Http\Request))
#57 C:\inetpub\wwwroot\snipe\vendor\misterphilip\maintenance-mode\src\MisterPhilip\MaintenanceMode\Http\Middleware\CheckForMaintenanceMode.php(145): Illuminate\Routing\Pipeline->Illuminate\Routing{closure}(Object(Illuminate\Http\Request))
#58 [internal function]: MisterPhilip\MaintenanceMode\Http\Middleware\CheckForMaintenanceMode->handle(Object(Illuminate\Http\Request), Object(Closure))
#59 C:\inetpub\wwwroot\snipe\bootstrap\cache\compiled.php(9963): call_user_func_array(Array, Array)
#60 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}(Object(Illuminate\Http\Request))
#61 C:\inetpub\wwwroot\snipe\vendor\laravel\framework\src\Illuminate\Routing\Pipeline.php(32): call_user_func(Object(Closure), Object(Illuminate\Http\Request))
#62 [internal function]: Illuminate\Routing\Pipeline->Illuminate\Routing{closure}(Object(Illuminate\Http\Request))
#63 C:\inetpub\wwwroot\snipe\bootstrap\cache\compiled.php(9948): call_user_func(Object(Closure), Object(Illuminate\Http\Request))
#64 C:\inetpub\wwwroot\snipe\bootstrap\cache\compiled.php(2366): Illuminate\Pipeline\Pipeline->then(Object(Closure))
#65 C:\inetpub\wwwroot\snipe\bootstrap\cache\compiled.php(2350): Illuminate\Foundation\Http\Kernel->sendRequestThroughRouter(Object(Illuminate\Http\Request))
#66 C:\inetpub\wwwroot\snipe\public\index.php(60): Illuminate\Foundation\Http\Kernel->handle(Object(Illuminate\Http\Request))
#67 {main}
  • Any errors that appear in your browser's error console.
    N/A
  • Confirm whether the error is reproducible on the demo.
    No
  • Include any additional information you can find in app/storage/logs and your webserver's logs.
    Session file reports
  • Include what you've done so far in the installation, and if you got any error messages along the way.
    All has worked OK except this
  • Indicate whether or not you've manually edited any data directly in the database
    N/A
@snipe
Owner

snipe commented Oct 27, 2016

Check that your APP_URL in your env is exactly the same as the URL you're using in your browser, and make sure the storage directory and your temp directory are writable.

@Louuu
Author

Louuu commented Oct 27, 2016

I've double checked all of those. But I shall triple check in the morning. I'm not sure if they'll be the issue as the site logs in fine with IE :/

@snipe
Owner

snipe commented Oct 27, 2016

Can you tell me what version of Laravel you've got?

@snipe snipe added the ❓ not sure if bug This issue has not been confirmed as a bug yet label Oct 27, 2016
@Louuu
Author

Louuu commented Oct 27, 2016

As requested, the Laravel Version is 5.2.45

@snipe
Owner

snipe commented Oct 27, 2016

Damn. There was a change in the way the web middleware works in 5.2.7, and I was hoping that might be the issue.

Are you behind a load balancer or anything that might be doing something funny with sessions?

It looks like you're not the only one having this issue:
https://laracasts.com/discuss/channels/laravel/512-logging-in-with-remember-me-causes-tokenmismatchexception-on-form-submit

Can you show me what you have for your OPTIONAL: SESSION SETTINGS in the .env file? (And make sure the COOKIE_DOMAIN matches the domain you're accessing the site from.) That part should be optional, but Chrome may have some weird behavior when you don't specify a cookie domain.

(Make sure to run php artisan config:clear to clear your configuration cache)

@Louuu
Author

Louuu commented Oct 28, 2016

Nope, there's no load balancer at all :)

# --------------------------------------------
# OPTIONAL: SESSION SETTINGS
# --------------------------------------------
SESSION_LIFETIME=12000
EXPIRE_ON_CLOSE=false
ENCRYPT=false
COOKIE_NAME=snipeit_session
COOKIE_DOMAIN=null
SECURE_COOKIES=true

I have tried with the COOKIE_DOMAIN configured as the domain; however, this made no difference.

@sysnoo

sysnoo commented Oct 28, 2016

I have that issue (reported as #2837).
I commented all Session Settings in .env
It worked for me

@sysnoo

sysnoo commented Oct 28, 2016

It seems the issue is with SECURE_COOKIES
Commenting only that line and I can login

@snipe
Owner

snipe commented Oct 29, 2016

That doesn't really make sense though. HTTPS-only cookies are accepted in all browsers.

@snipe
Owner

snipe commented Oct 29, 2016

I'm sure this is a dumb question, but can you confirm that you don't have any settings or plugins in Chrome that would block cookies?

@snipe
Owner

snipe commented Oct 29, 2016

Also, can you see if you can reproduce on the demo? I just fixed some of the HTML that was improperly nested, which Chrome can sometimes choke on. If that works, you might try pulling from master.

@Louuu
Author

Louuu commented Oct 29, 2016

The issue you referenced this one to was the same upgrade path 👍

There shouldn't be any plugins, however I shall double check on Monday when I am back in the office. The demo works fine from my personal laptop, however, I will have to test it from the computers it was tested on at work.

@Louuu
Author

Louuu commented Oct 31, 2016

Hello there :)

I have double checked and there are no plugins at all in Google Chrome.
I have disabled secure cookies and this has resolved the issue for now; however, the environment in which I work wouldn't allow that as a solution :(

@snipe
Owner

snipe commented Oct 31, 2016

And you're running this over https, right?

@snipe
Owner

snipe commented Oct 31, 2016

Also, if you set ENCRYPT to true, and enable the SECURE_COOKIES option, does it still fail? (You'll need a COOKIE_DOMAIN value set to the domain you're accessing the site from as well)

@Louuu
Author

Louuu commented Nov 1, 2016

After setting SECURE_COOKIES back to true. This issue has resolved itself on my end on all devices!

@Louuu
Author

Louuu commented Nov 1, 2016

Also yes, this is running over HTTPS :)

@Louuu
Author

Louuu commented Nov 2, 2016

Spoke too soon! It's dropped again.

I shall have a look at the suggested methods above


Have looked again and the issue hasn't resolved with these settings

@steveelwood

Same thing happened to me. It turned out that my latest upgrade to 3.6.1 replaced the .htaccess file under /public, which turned off the rewrite that forced SSL. Browsing from an insecure URL, combined with the secure cookie set to true, prevented login. I uncommented the rewrite rules and once my URL was once again https://, login worked again.

@snipe, I know this may be a longshot, but is there any way to make those .htaccess rules something that can be switched on and off in the ENV file (or something more immutable) so they aren't overwritten by upgrades? It's an easy step to forget. Thanks!

@snipe
Copy link
Owner

snipe commented Nov 18, 2016

@steveelwood unfortunately no. htaccess is at the web server layer, and the .env stuff is parsed by PHP.

@snipe snipe closed this as completed Aug 22, 2017
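
The checks suggested in this thread (APP_URL identical to the browser URL, COOKIE_DOMAIN covering the host, SECURE_COOKIES only when the site is reached over HTTPS) can be run against a `.env` file before digging into a TokenMismatchException. This is an added example, not Snipe-IT code or code from any participant; `parse_env`, `diagnose` and the sample hostname are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def parse_env(text):
    """Parse KEY=VALUE lines from a .env file, skipping comments and blanks."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        env[key.strip()] = value.strip().strip('"\'')
    return env

def diagnose(env_text, browser_url):
    """Return findings that explain a lost session (and so a CSRF token mismatch)."""
    env = parse_env(env_text)
    url = urlsplit(browser_url)
    host = (url.hostname or "").lower()
    findings = []

    # A cookie flagged Secure is never sent back over plain HTTP, so each
    # request starts a new session and the posted CSRF token cannot match.
    if env.get("SECURE_COOKIES", "false").lower() == "true" and url.scheme != "https":
        findings.append("SECURE_COOKIES=true but site is browsed over http")

    # "null" (or empty) means no Domain attribute: host-only cookie, always fine.
    domain = env.get("COOKIE_DOMAIN", "").lower().lstrip(".")
    if domain not in ("", "null") and host != domain and not host.endswith("." + domain):
        findings.append("COOKIE_DOMAIN does not cover host " + host)

    app = urlsplit(env.get("APP_URL", ""))
    if (app.scheme, (app.hostname or "").lower(), app.port) != (url.scheme, host, url.port):
        findings.append("APP_URL differs from the URL in the browser")
    return findings

# Constructed sample .env (hostname is a placeholder, not from the thread)
SAMPLE_ENV = """
APP_URL=https://assets.example.com
# OPTIONAL: SESSION SETTINGS
COOKIE_NAME=snipeit_session
COOKIE_DOMAIN=null
SECURE_COOKIES=true
"""

if __name__ == "__main__":
    for url in ("https://assets.example.com/login", "http://assets.example.com/login"):
        print(url, "->", diagnose(SAMPLE_ENV, url) or "no session-cookie problems found")
```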