Symfony 3.0.1 CSRF token present but invalid

Question

I am having this strange issue with a fresh Symfony 3.0.1 installation. I generated a new CRUD Controller with a Form PostType which contains an url and a title. Nothing fancy.<

Answer 1

The bug is also present in 3.0.4. save_path: ~ worked for me.

Answer 2

It seems to be a bug in symfony version >3.0, <3.0.3.

As @yellowmen pointed out, changing the framework.session.save_path in the config.yml fixes the problem.

Answer 3

I experienced a similar problem with Symfony 4.2 when switching from dev to test environment.

I had the following setting in my framework.yaml file:

framework:
    session:
        storage_id: session.storage.mock_file

Solution:

Removing the storage_id: session.storage.mock_file-setting solved the problem.

Important: You probably have to clear the cache for this to take effect.

For more information about the storage_id-configuration option also see here.

Answer 4

I had the same on env=dev but not on preprod (symfony 4.4)

--Solution--

There was missing sessions dir in the root I have created one then the problem solved.

cheers

Answer 5

I just had a similar issue with Symfony 3.2

The CSRF token is invalid. Please try to resubmit the form.

After hours, we finally found the issue was related to session.cookie_secure (https):

Our production environment uses https, thus forces cookies to be secured over https. The dev environment used http. After moving the dev from HTTP to HTTPS, problem was fixed.

Answer 6

In my case it was that the var/sessions/ folder wasn't writable. The default is var/sessions which is set at config.yml.

session:
    # http://symfony.com/doc/current/reference/configuration/framework.html#handler-id
    handler_id:  session.handler.native_file
    save_path:   "%kernel.root_dir%/../var/sessions/%kernel.environment%"

Make sure you have var/ folders writable.

chmod 775 -R var/sessions/
chmod 775 -R var/log/
chmod 775 -R var/cache/