Make sure your route has the webmilddleware applied to it.

确保您的路由应用了Web软件。

Pretty much any route where you will want sessions, csrf protection, encrypted cookies, session errors, etc ... you will need the 'web' middleware group applied.

几乎任何您需要会话、csrf 保护、加密 cookie、会话错误等的路由……您都需要应用“网络”中间件组。

Check your routes.php file for the route group like so:

检查路由组的 routes.php 文件，如下所示：

Route::group(['middleware' => 'web'], function () {
    //
});

Update:Since 5.2.27 The RouteServiceProvidernow puts all your routes in routes.phpin a route group that has the webmiddleware applied for you.

更新：自 5.2.27 以来，RouteServiceProvider现在将您的所有路由routes.php放入一个web为您应用了中间件的路由组中。

In Version 5.2 : You move Route into:

在 5.2 版中：您将 Route 移动到：

Route::group(['middleware' => ['web']], function () {
    //Your route here
});

Have two way to use Token in form (https://laravel.com/docs/master/routing#csrf-protection):

有两种使用 Token 形式的方法（https://laravel.com/docs/master/routing#csrf-protection）：

// Vanilla PHP
<?php echo csrf_field(); ?>

// Blade Template Syntax
{{ csrf_field() }}

Or

或者

<input type="hidden" name="_token" value="<?php echo csrf_token(); ?>">

use

用

{!! csrf_token() !!} 

instead of

代替

{{ csrf_token() }}

Make sure that session path is writable. If not, laravel compares null (no session token) with $_POST['_token']value and throws mismatch error despite the real reason.

确保会话路径是可写的。如果不是，laravel 将 null（无会话令牌）与$_POST['_token']value进行比较并抛出不匹配错误，尽管有真正的原因。

Just incase anyone is still hitting this issue,

以防万一有人还在解决这个问题，

inside config/session.phpmy sessions essentially weren't working (even though they seemed alright for a while)

在config/session.php 中，我的会话基本上无法正常工作（尽管有一段时间它们看起来还不错）

Make sure that the 'domain' variable is set to null!

确保“域”变量设置为空！

Fixed everything for me as none of the other things where actually my issue.

为我修复了所有问题，因为实际上我的问题没有其他任何事情。

Hope it helps someone.

希望它可以帮助某人。

Edit your VerifyCsrfToken.php from Middleware folder to this

将您的 VerifyCsrfToken.php 从 Middleware 文件夹编辑到此

<?php namespace App\Http\Middleware;

use Closure;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;

class VerifyCsrfToken extends BaseVerifier {

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)

    {
        $response = $next($request);
        $response->headers->set('Access-Control-Allow-Origin' , '*');
        $response->headers->set('Access-Control-Allow-Methods', 'POST, GET, OPTIONS, PUT, DELETE');
        $response->headers->set('Access-Control-Allow-Headers', 'Content-Type, Accept, Authorization, X-Requested-With, Application');

        return $response;
    }
}

I have the same issue as you, I'm on Laravel 5.2, I have also a token field on my form but still throwing me the error of "TokenMismatch" very annoying right?

我和你有同样的问题，我在 Laravel 5.2 上，我的表单上也有一个令牌字段，但仍然向我抛出“TokenMismatch”的错误非常烦人，对吗？

This answer is for all the people who have already used {{ csrf_field() }}after the <form>tag in their view.blade.phpfile and have also run the php artisan key:generatecommand but are still getting the Token Mismatch error. These are the steps I took to resolve the TokenMismatchException error for one of my projects that was still in development.

此答案适用于已在其文件中{{ csrf_field() }}的<form>标记之后使用view.blade.php并运行该php artisan key:generate命令但仍收到令牌不匹配错误的所有人员。这些是我为解决仍在开发中的项目之一的 TokenMismatchException 错误而采取的步骤。

Delete cache files from the following two folders within your laravel project:

从 Laravel 项目中的以下两个文件夹中删除缓存文件：

1. storage/framework/sessions/
2. storage/framework/views/

1. 存储/框架/会话/
2. 存储/框架/视图/

After removing the cache files, clear your browser cache.

删除缓存文件后，清除浏览器缓存。

I think this is quite a deep problem as there can be many causes of this. For me, i was upgrading from Laravel 5.1 to 5.2. I am also using the database to store my sessions. It was giving me this error but when i checked the laravel error logs (/storage/logs) i found that Laravel 5.2 expects the session table to have user_id, ip_address and user_agent fields. Mine didn't. When i added these fields it all worked the same as before the upgrade. So, my advice is to check the error log!

我认为这是一个很深的问题，因为可能有很多原因。对我来说，我是从 Laravel 5.1 升级到 5.2。我还使用数据库来存储我的会话。它给了我这个错误，但是当我检查 Laravel 错误日志 (/storage/logs) 时，我发现 Laravel 5.2 期望会话表具有 user_id、ip_address 和 user_agent 字段。我的没有。当我添加这些字段时，它的工作方式与升级前相同。所以，我的建议是检查错误日志！

Maybe you can use this : (src = https://laravel.com/docs/5.2/routing)

也许你可以使用这个：（src = https://laravel.com/docs/5.2/routing）

<form action="/foo/bar" method="POST">
 <input type="hidden" name="_method" value="PUT">
 <input type="hidden" name="_token" value="{{ csrf_token() }}">
</form>

I can confirm this problem, both csrf_token() and csrf_field() produce empty token fields in Laravel 5.2. According to the docs, both methods should still work but they don't appear to do so. My installation is completely fresh so either the docs are incorrect or a bug is present.

我可以确认这个问题，在 Laravel 5.2 中 csrf_token() 和 csrf_field() 都会产生空的令牌字段。根据文档，这两种方法都应该仍然有效，但它们似乎没有这样做。我的安装是全新的，所以要么文档不正确，要么存在错误。