419 | Page Expired (CSRF token expired)

[stephenmeehanuk]

Bug description

When I try to login using Chrome, I see a 419 | Page Expired page. If I press back, I'm logged in?

• Clear all cookies and cache in Google Chrome
• Visit /cp/auth/login
• Enter login details, press login
• 419 | Page Expired
• Press refresh, nothing
• Press back, logged in?
• Log out, returns to /cp/auth/login
• Try to login again
• 419 | Page Expired
• Press back, /cp loads

On my staging site (https) I'm using STATAMIC_STATIC_CACHING_STRATEGY=half.
Someone in Discord suggested using SESSION_SECURE_COOKIE=true which I've done.

I've cleared the browser cache, and done a hard reload.

But it keeps on showing a 419 | Page Expired message.

It also happens on local (valet) http site. Not using SESSION_SECURE_COOKIE=truelocally.

How to reproduce

I think the issue is local to my browser, as it's not a problem when using incognito mode or Edge. It's happening in all browsers and in incognito mode in Chrome.

Just wondering why this would be happening?

Logs

No response

Environment

Environment
Application Name: 
Laravel Version: 10.48.10
PHP Version: 8.2.17
Composer Version: 2.7.4
Environment: staging
Debug Mode: OFF
URL: staging.website.com
Maintenance Mode: OFF

Cache
Config: CACHED
Events: NOT CACHED
Routes: CACHED
Views: CACHED

Drivers
Broadcasting: pusher
Cache: redis
Database: mysql
Logs: stack / single
Mail: smtp
Queue: redis
Session: redis

Livewire
Livewire: v3.4.11

Statamic
Addons: 6
Antlers: runtime
Sites: 1
Stache Watcher: Disabled
Static Caching: half
Version: 4.57.2 PRO

Statamic Addons
jacksleight/statamic-bard-mutator: 2.3.0
jonassiewertsen/statamic-jobs: 1.4.0
jonassiewertsen/statamic-live-search: 2.0.1
jonassiewertsen/statamic-livewire: 3.2.0
statamic/collaboration: 0.8.1
teamnovu/statamic-images-missing-alt: 1.0.2

Installation

Fresh statamic/statamic site via CLI

Antlers Parser

Runtime (default)

Additional details

No response

[duncanmcclean]

I've moved this into a discussion since it's likely a configuration issue, rather than a bug in Statamic itself.

Can you try switching the session driver to file? Also, what do you have SESSION_LIFETIME set to in your .env?

[duncanmcclean]

That's so weird. Which browser are you using? Have you tried clearing your browser cache & cookies?

[stephenmeehanuk]

I know? I've cleared browser cache & cookies multiple times. I'll keep an eye on it, try and figure out (if I can) what triggers it. It's odd that sometimes I can press back and I'm logged into the /cp.

[duncanmcclean]

I'm guessing it works fine if you use a completely different browser?

[stephenmeehanuk]

Yup, works fine in: Safari, Chrome (Canary), Edge, Opera

Just Chrome?!

[duncanmcclean]

Very weird - sounds like it could be some kind of Chrome issue (maybe?) but weird that it'd work fine in incognito 🤷‍♂️