Laravel csrf-token mismatch error on aws beanstalk

Question

Hi,
we're experiencing trouble reaching Laravel app stored in aws beanstalk envinronment with a ALB and autoscaling enabled.

Performing some actions that requiring csrf token verification we have a 419 error.

In the staging environment equal to production but with only 1 instance and autoscaling disabled this problem didn't occur.

We are pretty sure that could be related to the persistent of the session because having multiple instance serving the production beanstalk environment, probably the session initialize in one instance and continue in another one and validation of token fail, expiring the session.

How we can solve this problem?

Answer

As I understand, Laravel CSRF "token" is stored in [user session](https://laravel.com/docs/11.x/csrf#preventing-csrf-requests).

Where are you storing your  [session data](https://laravel.com/docs/11.x/session#configuration)?
If this is files, you will need to change it to an external shared data store. This can be database, [dynamodb](https://aws.amazon.com/dynamodb/), redis/memcache ([Elasticache](https://aws.amazon.com/elasticache/)).  It will allow all your instances access to session data.

As a workaround, you can enable ALB [sticky sessions](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/sticky-sessions.html). However, it will have some impact on scalability as web requests are not evenly distributed across all your instances.

Laravel csrf-token mismatch error on aws beanstalk

相关内容