Status Code 419 (CSRF token mismatch.)

[yuliia-bondareva-corefy]

Bug description

I get a Status Code 419 error sometimes when logging into the control panel, sometimes when I try to create an entry or taxonomy. I never received this error locally, only in a dev environment.
The data in the dev environment and locally is the same. I thought that maybe the problem was in the database, but I deployed the database locally from the dev, there were no errors locally, they remained on the dev.

I checked on the server and the UTS timezone is set in Laravel, SESSION_LIFETIME = 120. I increased SESSION_LIFETIME to 1120. the errors remained

How to reproduce

The problem is in the browser and incognito mode. I use chrome and mozilla. When entering the control panel, I received 419 when I opened the control panel in Chrome, and then in Mozilla. I solve this problem by rebuilding the project. As I understand it, all data located in gitignor is erased (about cache and sessions) and you can log into the control panel without an error

in the response headers I don't see the server returning XSRF-TOKEN

I don’t know whether the error is related or not, but in the control panel in a dev environment I can’t access the cache. I either get a bunch of redirects or 504 Gateway Time-out

Logs

No response

Environment

Environment
Application Name: PayAtlas
Laravel Version: 10.48.10
PHP Version: 8.2.10
Composer Version: 2.5.4
Environment: dev
Debug Mode: ENABLED
URL: dev.payatlas.dev
Maintenance Mode: OFF

Cache
Config: NOT CACHED
Events: NOT CACHED
Routes: NOT CACHED
Views: CACHED

Drivers
Broadcasting: log
Cache: statamic
Database: pgsql
Logs: stack / daily, database
Mail: smtp
Queue: sync
Session: file

Statamic
Addons: 4
Antlers: runtime
Sites: 1
Stache Watcher: Disabled
Static Caching: Disabled
Version: 4.57.2 PRO

Statamic Addons
osayaweventures/share-links: 1.0.1
statamic/eloquent-driver: 3.4.0
statamic/seo-pro: 5.4.4
teamnovu/graphql-breadcrumbs: 1.0.3

Statamic Eloquent Driver
Asset Containers: eloquent
Assets: eloquent
Blueprints: eloquent
Collection Trees: eloquent
Collections: eloquent
Entries: eloquent
Forms: eloquent
Global Sets: eloquent
Global Variables: eloquent
Navigation Trees: eloquent
Navigations: eloquent
Revisions: eloquent
Taxonomies: eloquent
Terms: eloquent

Installation

Existing Laravel app

Antlers Parser

None

Additional details

No response

[duncanmcclean]

This is likely a server configuration issue, rather than a bug in Statamic.

What does your server setup look like? Are you using Forge / Ploi / something else? Are you using Cloudflare (or anything similar) in front of your server?

Can you try using the database session driver instead of the file one to see if that helps?

What is SESSION_TIMEOUT set to in your .env?

[yuliia-bondareva-corefy]

SESSION_TIMEOUT = SESSION_LIFETIME = 120 minutes

I’ll now convert the session driver to use a database and post the result

Uses a Kubernetes cluster on instances of various sizes in the Amazon Web Services environment; the application is launched in a container based on the php:8.2-fpm-alpine3.17 image, to which extensions necessary for the normal functioning of most applications have been added. CloudFlare is not installed in front of the domain, the domain registrar is Google Domains, it is hosted on AWS name servers.

[duncanmcclean]

Uses a Kubernetes cluster on instances of various sizes in the Amazon Web Services environment; the application is launched in a container based on the php:8.2-fpm-alpine3.17 image, to which extensions necessary for the normal functioning of most applications have been added.

I have no experience with Kubernetes - does that mean you're running the same site on multiple servers/containers?

[yuliia-bondareva-corefy]

@duncanmcclean thanks for the help. I made the session driver a database. and it helped.

There is still a problem with the cache page. Maybe I need to give some access to the application on the server for it to work correctly?

[duncanmcclean]

Are there any errors in your log file?

[yuliia-bondareva-corefy]

no, there are no errors in the logs