
CSRF Token Mismatch On NexoPOS 4.x

After installing NexoPOS 4.x, you might get a "CSRF Token Mismatch" error when you try to log in. This issue is often related to how NexoPOS 4.x was installed. This guide covers how to fix the CSRF token mismatch on NexoPOS 4.x.

What Causes This Issue?

Some people install NexoPOS using Laravel's built-in development server, "php artisan serve". The problem with this approach is that the .env configuration file is set up with the address used during installation, which is mostly "127.0.0.1:8000". If the system is later accessed through a different address, the configuration that was generated automatically no longer applies, and this causes a CSRF token mismatch. Accessing the system through "127.0.0.1:8000" still works, because the .env file is configured for that address. Remember that NexoPOS 4.x uses Laravel Sanctum behind the scenes to expose its API. Let's now see how to fix the issue.

How to Fix the CSRF Token Mismatch on NexoPOS 4.x

First of all, there is one thing to keep in mind when using NexoPOS 4.x. Because we're using Sanctum, the system should be accessible from more than one address. Whenever you plan to change the address of the system, you should make the necessary adjustments to the .env file to make sure the generated tokens are made for the system.

To fix this problem, make sure that APP_URL, SESSION_DOMAIN, and SANCTUM_STATEFUL_DOMAINS all point to the same address. If your address includes a port, for example "yourwebsite.com:8888", the key "SESSION_DOMAIN" must not include the port. Here is how the .env file should look with the required combination.

Example with "yourwebsite.com" as a domain

APP_URL=http://yourwebsite.com
SANCTUM_STATEFUL_DOMAINS=yourwebsite.com
SESSION_DOMAIN=yourwebsite.com

Example with "127.0.0.1:8000" as a domain

APP_URL=http://127.0.0.1:8000
SANCTUM_STATEFUL_DOMAINS=127.0.0.1:8000
SESSION_DOMAIN=127.0.0.1

After making the necessary changes, don't forget to refresh the page and/or clear your current cookies. Note that this change is only required if you plan to change the address of the system.
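
A small checker for the rule above, as an added example (not NexoPOS or Laravel code): it reads the text of a .env file and reports where APP_URL, SANCTUM_STATEFUL_DOMAINS and SESSION_DOMAIN disagree. The function names and the sample .env are constructed for illustration, and it assumes SANCTUM_STATEFUL_DOMAINS may hold a comma-separated list.

```python
from urllib.parse import urlsplit

KEYS = ("APP_URL", "SANCTUM_STATEFUL_DOMAINS", "SESSION_DOMAIN")

# Constructed sample: system moved to yourwebsite.com:8888, .env only half updated.
STALE = """APP_URL=http://yourwebsite.com:8888
SANCTUM_STATEFUL_DOMAINS=127.0.0.1:8000
SESSION_DOMAIN=yourwebsite.com:8888
"""

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and # comments; strip optional quotes."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        env[key.strip()] = value.strip().strip('"').strip("'")
    return env

def check_env(text):
    """Return a list of problems; an empty list means the three keys agree."""
    env = parse_env(text)
    problems = [f"{k} is missing or empty" for k in KEYS if not env.get(k)]
    if problems:
        return problems
    url = urlsplit(env["APP_URL"])
    if not url.hostname:
        return ["APP_URL has no host (expected http://host[:port])"]
    host, host_port = url.hostname, url.netloc.lower()  # netloc keeps ":port"
    # Assumption: the value may be a comma-separated list of host[:port] entries.
    stateful = [d.strip().lower() for d in env["SANCTUM_STATEFUL_DOMAINS"].split(",")]
    if host_port not in stateful:
        problems.append(f"SANCTUM_STATEFUL_DOMAINS should contain {host_port}")
    session = env["SESSION_DOMAIN"].lower()
    if ":" in session:
        problems.append("SESSION_DOMAIN must not include a port")
    if session.split(":")[0] != host:
        problems.append(f"SESSION_DOMAIN should be {host}")
    return problems

if __name__ == "__main__":
    for problem in check_env(STALE):
        print(problem)
```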

Are you still failing? Don't hesitate to get in touch with us at [email protected] for premium support.