CSRF token mismatch | Pterodactyl® | Page 1

steep gulch Dec 17, 2023, 9:52 PM

#

I know this is frequently asked but I couldn't solve it by myself. APP_URL is matching in the browser. Nginx not additional proxy, https, secure cookie, system log normal, laravel log empty.

Thanks for any help.

subtle locust Dec 17, 2023, 11:21 PM

#

Is SESSION_SECURE_COOKIE set to true in the .env?

steep gulch Dec 17, 2023, 11:25 PM

#

yep it is.

#

But I tried SESSION_SECURE_COOKIE=false before ...

wary vine Dec 17, 2023, 11:42 PM

#

steep gulch But I tried `SESSION_SECURE_COOKIE=false` before ...

When you tried with that set, did you clear the cache server-side
php /var/www/pterodactyl/artisan config:clear
and client-side (Troubleshoot in a private/incognito window)?

steep gulch Dec 17, 2023, 11:47 PM

#

Redid it. Ensured via developer console that secure is not set. Still CSRF token mismatch. HttpOnly is set SameSite is Lax.

wild kindleBOT Dec 17, 2023, 11:47 PM

#

@steep gulch; Enable SSL for your Panel with HTTPS protocol scheme in the APP_URL, or set SESSION_SECURE_COOKIE to false in your .env which is a hidden file located at /var/www/pterodactyl.

You can open it directly with nano /var/www/pterodactyl/.env. Refresh config cache with cd /var/www/pterodactyl && php artisan config:clear

steep gulch Dec 17, 2023, 11:49 PM

#

#CSRF token mismatch