When you use the inbuilt security token i.e. csrf token in the view form the security authentication will probably show this page expired error when you submit the form. The session driver is already set to array and you have to change it to file. Then the error will disappear. When you set the session driver to file it has something to do with the storage_path for not being writable. It stores session data regarding tokens in this storage_path if you are using file-based sessions. In some cases, like receiving POST from third party excluding or adding an exception to the route will do the job.  When you use multiple subdomains clearing the cookies and setting the SESSION_DOMAIN in the.env file will solve the problem.