The csrf token mismatch error is always displayed in the subdomain website

[blackmoore14]

• Laravel Version: 9.52.5
• Nova Version: 4.23.0
• PHP Version: 8.2.3
• Database Driver & Version: mysql Ver 14.14
• Operating System and Version: Ubuntu 22.04.1 LTS
• Browser type and version: Google Chrome Version 111.0.5563.147 (Official Build) (64-bit)
• Reproduction Repository: https://bitbucket.org/

Description:

My test website uses a subdomain, but it keeps showing csrf token mismatch error. I try to exclude it in the VerifyCsrfToken middleware, but there is no way. I have been trying for a whole day and there is no solution

Detailed steps to reproduce the issue on a fresh Nova installation:

localhost tests are perfectly fine, so this should have nothing to do with the installation process

error code:
| 1 | default | CSRF token mismatch. | NULL | NULL | NULL | NULL | NULL | {"getFile":"\/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/laravel\/framework\/src\/Illuminate\/Foundation\/Http\/Middleware\/VerifyCsrfToken.php","getLine":85,"getCode":0,"getTraceAsString":"#0 \/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/laravel\/framework\/src\/Illuminate\/Pipeline\/Pipeline.php(180): Illuminate\\Foundation\\Http\\Middleware\\VerifyCsrfToken->handle()\n#1 \/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/laravel\/framework\/src\/Illuminate\/View\/Middleware\/ShareErrorsFromSession.php(49): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()\n#2 \/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/laravel\/framework\/src\/Illuminate\/Pipeline\/Pipeline.php(180): Illuminate\\View\\Middleware\\ShareErrorsFromSession->handle()\n#3 \/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/laravel\/framework\/src\/Illuminate\/Session\/Middleware\/StartSession.php(121): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()\n#4 \/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/laravel\/framework\/src\/Illuminate\/Session\/Middleware\/StartSession.php(64): Illuminate\\Session\\Middleware\\StartSession->handleStatefulRequest()\n#5 \/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/laravel\/framework\/src\/Illuminate\/Pipeline\/Pipeline.php(180): Illuminate\\Session\\Middleware\\StartSession->handle()\n#6 \/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/laravel\/framework\/src\/Illuminate\/Cookie\/Middleware\/AddQueuedCookiesToResponse.php(37): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()\n#7 \/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/laravel\/framework\/src\/Illuminate\/Pipeline\/Pipeline.php(180): Illuminate\\Cookie\\Middleware\\AddQueuedCookiesToResponse->handle()\n#8 \/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/laravel\/framework\/src\/Illuminate\/Cookie\/Middleware\/EncryptCookies.php(67): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()\n#9 \/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/laravel\/framework\/src\/Illuminate\/Pipeline\/Pipeline.php(180): Illuminate\\Cookie\\Middleware\\EncryptCookies->handle()\n#10 \/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/laravel\/framework\/src\/Illuminate\/Pipeline\/Pipeline.php(116): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()\n#11 \/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/laravel\/framework\/src\/Illuminate\/Routing\/Router.php(797): Illuminate\\Pipeline\\Pipeline->then()\n#12 \/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/laravel\/framework\/src\/Illuminate\/Routing\/Router.php(776): Illuminate\\Routing\\Router->runRouteWithinStack()\n#13 \/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/laravel\/framework\/src\/Illuminate\/Routing\/Router.php(740): Illuminate\\Routing\\Router->runRoute()\n#14 \/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/laravel\/framework\/src\/Illuminate\/Routing\/Router.php(729): Illuminate\\Routing\\Router->dispatchToRoute()\n#15 \/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/laravel\/framework\/src\/Illuminate\/Foundation\/Http\/Kernel.php(190): Illuminate\\Routing\\Router->dispatch()\n#16 \/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/laravel\/framework\/src\/Illuminate\/Pipeline\/Pipeline.php(141): Illuminate\\Foundation\\Http\\Kernel->Illuminate\\Foundation\\Http\\{closure}()\n#17 \/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/laravel\/nova\/src\/Http\/Middleware\/ServeNova.php(23): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()\n#18 \/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/laravel\/framework\/src\/Illuminate\/Pipeline\/Pipeline.php(180): Laravel\\Nova\\Http\\Middleware\\ServeNova->handle()\n#19 \/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/fruitcake\/laravel-cors\/src\/HandleCors.php(38): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()\n#20 \/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/laravel\/framework\/src\/Illuminate\/Pipeline\/Pipeline.php(180): Fruitcake\\Cors\\HandleCors->handle()\n#21 \/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/laravel\/framework\/src\/Illuminate\/Http\/Middleware\/TrustProxies.php(39): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()\n#22 \/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/laravel\/framework\/src\/Illuminate\/Pipeline\/Pipeline.php(180): Illuminate\\Http\\Middleware\\TrustProxies->handle()\n#23 \/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/laravel\/framework\/src\/Illuminate\/Foundation\/Http\/Middleware\/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()\n#24 \/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/laravel\/framework\/src\/Illuminate\/Foundation\/Http\/Middleware\/ConvertEmptyStringsToNull.php(31): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle()\n#25 \/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/laravel\/framework\/src\/Illuminate\/Pipeline\/Pipeline.php(180): Illuminate\\Foundation\\Http\\Middleware\\ConvertEmptyStringsToNull->handle()\n#26 \/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/laravel\/framework\/src\/Illuminate\/Foundation\/Http\/Middleware\/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()\n#27 \/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/laravel\/framework\/src\/Illuminate\/Foundation\/Http\/Middleware\/TrimStrings.php(40): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle()\n#28 \/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/laravel\/framework\/src\/Illuminate\/Pipeline\/Pipeline.php(180): Illuminate\\Foundation\\Http\\Middleware\\TrimStrings->handle()\n#29 \/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/laravel\/framework\/src\/Illuminate\/Foundation\/Http\/Middleware\/ValidatePostSize.php(27): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()\n#30 \/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/laravel\/framework\/src\/Illuminate\/Pipeline\/Pipeline.php(180): Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize->handle()\n#31 \/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/laravel\/framework\/src\/Illuminate\/Foundation\/Http\/Middleware\/PreventRequestsDuringMaintenance.php(86): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()\n#32 \/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/laravel\/framework\/src\/Illuminate\/Pipeline\/Pipeline.php(180): Illuminate\\Foundation\\Http\\Middleware\\PreventRequestsDuringMaintenance->handle()\n#33 \/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/laravel\/framework\/src\/Illuminate\/Pipeline\/Pipeline.php(116): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()\n#34 \/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/laravel\/framework\/src\/Illuminate\/Foundation\/Http\/Kernel.php(165): Illuminate\\Pipeline\\Pipeline->then()\n#35 \/home\/forge\/test.baodaotalk.com\/20230410083617\/vendor\/laravel\/framework\/src\/Illuminate\/Foundation\/Http\/Kernel.php(134): Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter()\n#36 \/home\/forge\/test.baodaotalk.com\/20230410083617\/public\/index.php(54): Illuminate\\Foundation\\Http\\Kernel->handle()\n#37 {main}"} | NULL | 2023-04-10 08:44:06 | 2023-04-10 08:44:06 |

[blackmoore14]

https://test.baodaotalk.com/backend/login <<<< this website

[crynobone]

It seems that you have a misconfiguration with the application session (notice that <meta name="csrf-token" /> content value changed on each page load. This shouldn't happen if the session configuration has been set correctly.

[crynobone]

This should provide some indication what's currently is wrong with your configuration.