# Laravel Project Deployment


jaunty bay
#

I am deploying my project to the server using CI/CD. However, after deployment, I sometimes encounter a 419 "Page Expired" error related to @csrf when trying to log in to the website.

My first question is: Why am I receiving this error after deployment, specifically when attempting to log in?

My second question is: Which artisan commands should I include in the POST_SCRIPT to prevent this issue? Currently, I am running the following commands:
```bash
mkdir -p ~/projectname/bootstrap/cache || true
mkdir -p ~/projectname/storage/framework || true
mkdir -p ~/projectname/storage/framework/cache || true
mkdir -p ~/projectname/storage/framework/sessions || true
mkdir -p ~/projectname/storage/framework/testing || true
mkdir -p ~/projectname/storage/framework/views || true
php ~/projectname/artisan storage:link
php ~/projectname/artisan optimize:clear
php ~/projectname/artisan optimize
php ~/projectname/artisan migrate --force
```

eternal iron
#

Does the error happen if you deploy after loading the login page? If you clear your sessions after deploy, the CSRF token that was loaded in the login page won't be valid by the time you submit the form.

#

Also, side note: optimize implicitly clears everything before rebuilding the caches, so there's no need to run optimize:clear before optimize.

jaunty bay
eternal iron
#

One solution would be to not nuke your whole sessions folder after every deploy

#

If clearing cookies doesn't fix it for your users, it's likely their browser is caching the whole page and you'd need to instruct them to perform a hard refresh.

#

However, after the first failed login attempt, the new login form should have a fresh CSRF token that should be valid.

jaunty bay
#

I've added this on the login controller:

```php
return response(view('sign-in', compact('page'), ['error' => 'Invalid credentials.']))
    ->header('Cache-Control', 'no-cache, no-store, must-revalidate')
    ->header('Pragma', 'no-cache')
    ->header('Expires', '0');
```

to avoid the caching

eternal iron
#

Should help

plucky grove
#

Of course sessions should not be cleared on deploy, and I don't see that you're doing that with the script above.

You should not have to set any cache headers manually, Laravel defaults to no-cache headers for all pages.

Do users reload the login form after clearing the cookies?

jaunty bay
plucky grove
#

Yeah, it definitely sounds weird. That is probably not related to deployment; if they have refreshed everything and have a new session, that would all be on the new deployment.

What session driver are you using? Is there any chance that data is being cleared/purged sometimes?

jaunty bay
#

I'm using file as session driver, and I'm flushing the opcache, FastCGI and Cloudflare cache on deployment.

plucky grove
#

I meant only the sessions, is there anything that might be flushing these files before they expire? Have you checked disk space?
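
One way to check what the last reply asks about (session files disappearing before they expire, and disk space), as an added example that is not part of any post in this thread. The function names, the snapshot format and the 120-minute lifetime are assumptions, expiry is assumed to be judged by file modification time, and `stat -c` / `touch -d` need GNU coreutils.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): find file-driver sessions that vanish
# across a deploy while still inside their lifetime. All names are hypothetical.

# Print "name mtime_epoch" for every session file in DIR.
snapshot_sessions() {
  local dir=$1 f
  for f in "$dir"/*; do
    [ -f "$f" ] || continue
    printf '%s %s\n' "${f##*/}" "$(stat -c %Y "$f")"
  done
}

# Print sessions listed in SNAPSHOT that are gone from DIR although they were
# still inside the lifetime window, i.e. not removed by normal session GC.
lost_live_sessions() {
  local snap=$1 dir=$2 lifetime_min=$3 now=${4:-$(date +%s)} name mtime
  while read -r name mtime; do
    [ -e "$dir/$name" ] && continue
    if [ $(( now - mtime )) -lt $(( lifetime_min * 60 )) ]; then
      printf '%s\n' "$name"
    fi
  done < "$snap"
}

# Percentage of free space on the filesystem holding DIR (a full disk makes
# session writes fail).
disk_free_pct() {
  df -P "$1" | awk 'NR==2 { gsub("%", "", $5); print 100 - $5 }'
}

# Constructed demo: three fake sessions, one already expired. A stand-in
# "deploy step" deletes one live and the expired one; only the live one
# should be reported as lost.
demo() {
  local dir snap
  dir=$(mktemp -d) && snap=$(mktemp)
  touch "$dir/live_a" "$dir/live_b"
  touch -d '3 hours ago' "$dir/expired_c"
  snapshot_sessions "$dir" > "$snap"
  rm -f "$dir/live_b" "$dir/expired_c"
  lost_live_sessions "$snap" "$dir" 120
  rm -rf "$dir" "$snap"
}
```

In a real pipeline, `snapshot_sessions` would run against `~/projectname/storage/framework/sessions` before the POST_SCRIPT steps and `lost_live_sessions` after them; any name it prints is a session that was removed by something other than expiry.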