Laravel 10: Demystifying and Resolving the 419 Page Expired Error


Have you ever been baffled by the “Page Expired” error, HTTP status code 419, in your Laravel applications? This common problem is usually tied to CSRF (Cross-Site Request Forgery) tokens, and this article explains why it happens and how to fix it.

Why “419 Page Expired” Occurs and How to Fix It

You’ve probably used the @csrf directive in your forms in your Laravel 8, 9, or 10 applications. This directive creates a hidden input field containing a CSRF token, which is sent along when you submit the form. The token confirms that the form submission came from your application and not from a third party. When the submitted token does not match the one Laravel expects, errors such as “419 Page Expired” occur. This mismatch can develop for a variety of reasons, including:

a. If you leave a page open for too long, the token may expire. This is, in fact, a security feature. In this situation, simply refreshing the page in your browser and re-submitting the form resolves the problem.

b. Alternatively, the issue can occur if you forgot to add the @csrf directive within your form. Laravel expects the CSRF token to be present by default, because the "VerifyCsrfToken" middleware filters incoming requests.

Laravel 10: Disabling CSRF Protection on Specific Pages

From time to time you may want to disable CSRF protection on specific pages to avoid those annoying "419 HTTP" codes. Rather than deleting the middleware from the kernel, you can indicate which pages should be exempt from CSRF protection.

To do so, open "app/Http/Middleware/VerifyCsrfToken.php" and change the $except array. Here’s an illustration:

<?php
namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;

class VerifyCsrfToken extends Middleware
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array<int, string>
     */
    protected $except = [
        '/some-page',
        '/some-other-page',
    ];
}

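This code sample shows how to exclude specified URIs from CSRF verification, preventing the "419 Page Expired" error from occurring on those URLs. Requests to the listed URIs are no longer checked for a token at all, so list only endpoints that verify the caller in some other way, such as a webhook that checks a request signature.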
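The following is an added example, not code from the original article or from Laravel itself: a simplified plain-PHP model of the check described above, showing which requests end in 419 (missing @csrf field, expired session, wrong token) and what an $except entry changes. The function names verifyCsrf() and isExempt(), the array shapes and the sample data are assumptions made for this illustration.

```php
<?php
// Simplified model of the CSRF check, NOT Laravel's middleware source.
// isExempt() and verifyCsrf() are hypothetical names used only in this example.

function isExempt(string $path, array $except): bool
{
    $path = trim($path, '/');
    foreach ($except as $pattern) {
        // Leading/trailing slashes are ignored; '*' matches any run of characters.
        $regex = '#^' . str_replace('\*', '.*', preg_quote(trim($pattern, '/'), '#')) . '$#';
        if (preg_match($regex, $path) === 1) {
            return true;
        }
    }
    return false;
}

function verifyCsrf(string $method, string $path, array $input, array $session, array $except): int
{
    if (in_array($method, ['GET', 'HEAD', 'OPTIONS'], true)) {
        return 200; // read-only requests are not checked
    }
    if (isExempt($path, $except)) {
        return 200; // listed in $except: accepted with no token at all
    }
    $expected = $session['_token'] ?? null; // null once the session has expired
    $supplied = $input['_token'] ?? null;   // null when the form has no @csrf field
    // hash_equals() compares in constant time, so timing does not leak the token.
    if (is_string($expected) && is_string($supplied) && hash_equals($expected, $supplied)) {
        return 200;
    }
    return 419; // "Page Expired"
}

// Constructed sample data.
$token   = bin2hex(random_bytes(20));
$session = ['_token' => $token];
$except  = ['/some-page', '/some-other-page'];

$cases = [
    'form with @csrf'      => verifyCsrf('POST', '/profile', ['_token' => $token], $session, $except),
    'form without @csrf'   => verifyCsrf('POST', '/profile', [], $session, $except),
    'session expired'      => verifyCsrf('POST', '/profile', ['_token' => $token], [], $except),
    'wrong token'          => verifyCsrf('POST', '/profile', ['_token' => 'mismatch'], $session, $except),
    'exempt URI, no token' => verifyCsrf('POST', '/some-page', [], $session, $except),
];
foreach ($cases as $label => $status) {
    printf("%-22s => %d\n", $label, $status);
}
```

The last case is the one to keep in mind when editing $except: the exempt URI accepts a state-changing request that carries no token, which is exactly the request the middleware would otherwise reject.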

Conclusion

In this article, we investigated the ubiquitous "419 Page Expired" error in Laravel 10 and gave strategies to properly address it. Understanding why this problem occurs and how to disable CSRF protection on specific pages can substantially improve the efficiency and user experience of your Laravel application. You’ll be well-equipped to deal with this issue and ensure the seamless operation of your Laravel projects if you follow the techniques described above. Don’t let the "419 Page Expired" problem slow you down; take control of the security and performance of your Laravel application today.

Sometimes we need to create a simple admin panel for our app. I’ve written an article, Simplifying Admin Panel Creation In Laravel 10, where I discuss in detail how to create a middleware to manage a simple admin panel.

Happy Coding!