Bug tracking for Laravel — session replay, console + HAR (2026)
Laravel bug-reporting guide for QA + dev teams: framework-specific gotchas, common bugs, and how to capture them with BugMojo session replay.
What Laravel teams ship with BugMojo
Laravel reports a validation failure two completely different ways depending on how the request arrived. A traditional Blade or Inertia full-page POST gets a 302 redirect back with errors flashed to the session (the $errors MessageBag) plus the old() input; an XHR or JSON request to the same controller, hitting the same FormRequest, gets an HTTP 422 with a structured {message, errors{}} body that uses dot notation for nested fields like "users.0.email". Same code, two browser-visible outcomes, which is exactly why a screenshot is ambiguous and a captured network HAR is decisive.
The other Laravel bug that dominates support queues is the 419 Page Expired, a TokenMismatchException raised when a POST, PUT, PATCH, or DELETE arrives without a valid CSRF token. The @csrf Blade directive injects it into server-rendered forms, but an Inertia + Axios SPA must send it as the X-XSRF-TOKEN header read from the XSRF-TOKEN cookie, and a stale or mis-scoped SESSION_DOMAIN silently breaks the match. This guide is for Laravel teams shipping Blade, Livewire, and Inertia (React/Vue) in 2026: what these failures look like in the browser, and how to capture the exact request that caused them.
Laravel gotchas
Framework-specific failure modes engineers actually ship through. Each is hard to spot in a screenshot and obvious in a session replay.
Common Laravel bugs
Real Laravel bug patterns — the symptom you will see in a report and the fix that actually works.
Validation errors never appear on an XHR-submitted form
Symptom: A fetch/Axios form submit fails silently with no inline errors and no toast. The user retypes and resubmits with no feedback at all.
Fix: An XHR request returns 422 with a JSON errors object; nothing renders automatically, so your JS must read response.data.errors and paint it. Confirm the response is 422 (not a 302 your client followed into HTML), then map the dot-notation keys to fields. The captured HAR shows the 422 body that your UI ignored.
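One way to do the check and the key mapping described above, as an added example (not BugMojo's or Laravel's code). `classifySubmit` and `dotKeyToFieldName` are hypothetical names, the `res` shape is an assumption, and the bracketed names assume inputs named PHP-style, such as `address[zip]`.

```javascript
// Added example: decide what a form-submit response actually was, then map
// Laravel's dot-notation error keys to input names.

// "users.0.email" -> "users[0][email]"; "email" stays "email".
function dotKeyToFieldName(key) {
  const [head, ...rest] = key.split(".");
  return head + rest.map((part) => `[${part}]`).join("");
}

// res = { status, redirected, contentType, body }: assumed shape, filled
// from a fetch Response, an Axios response or a HAR entry.
function classifySubmit(res) {
  const isJson = /^application\/json\b/i.test(res.contentType || "");
  if (res.status === 422 && isJson) {
    const payload = JSON.parse(res.body);
    // Null prototype: the keys come from the server response.
    const fieldErrors = Object.create(null);
    for (const [key, messages] of Object.entries(payload.errors || {})) {
      fieldErrors[dotKeyToFieldName(key)] = messages;
    }
    return { kind: "validation", message: payload.message, fieldErrors };
  }
  if (res.status === 419) return { kind: "csrf-expired" };
  // Heuristic: a followed 302 surfaces as 200 + HTML where JSON was
  // expected; the errors were flashed to the session, not returned.
  if (res.redirected || (res.status === 200 && !isJson)) {
    return { kind: "followed-redirect" };
  }
  return { kind: res.status >= 400 ? "other-error" : "ok" };
}

// Constructed sample: the 422 body shown on this page.
const SAMPLE_422 = {
  status: 422, redirected: false, contentType: "application/json",
  body: JSON.stringify({
    message: "The given data was invalid.",
    errors: {
      email: ["The email field is required."],
      "address.zip": ["The address.zip must be 5 digits."],
    },
  }),
};
```

When painting `fieldErrors` into the form, insert each message with `textContent` rather than `innerHTML`, so server-returned strings are treated as untrusted text.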
// 422 body Laravel returns for an XHR request
{
  "message": "The given data was invalid.",
  "errors": {
    "email": ["The email field is required."],
    "address.zip": ["The address.zip must be 5 digits."]
  }
}
Every POST in an Inertia app returns 419 Page Expired
Symptom: Forms worked yesterday; today every submit shows a generic Inertia error modal. GET pages still load fine, so it looks framework-wide.
Fix: The XSRF-TOKEN cookie is missing or out of scope, so Axios never sends X-XSRF-TOKEN. Set SESSION_DOMAIN to your apex domain, confirm the cookie is present on the failing request, and handle 419 server-side so users get a real message instead of a modal.
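The "confirm the cookie is present on the failing request" step can be run over a captured HAR. This is an added example, not BugMojo or Laravel code: `diagnose419` and its cause labels are hypothetical, and the sample HAR, host and token values are constructed.

```javascript
// Added example: explain each 419 in a HAR by checking the XSRF-TOKEN
// cookie and the X-XSRF-TOKEN header on the failing request.
const UNSAFE = new Set(["POST", "PUT", "PATCH", "DELETE"]);

const header = (headers, name) =>
  (headers.find((h) => h.name.toLowerCase() === name) || {}).value ?? null;

function cookieValue(cookieHeader, name) {
  for (const pair of (cookieHeader || "").split(/;\s*/)) {
    const eq = pair.indexOf("=");
    if (eq > 0 && pair.slice(0, eq) === name) return pair.slice(eq + 1);
  }
  return null;
}

function diagnose419(har) {
  const findings = [];
  for (const { request, response } of har.log.entries) {
    if (response.status !== 419 || !UNSAFE.has(request.method)) continue;
    const cookie = cookieValue(header(request.headers, "cookie"), "XSRF-TOKEN");
    const sent = header(request.headers, "x-xsrf-token");
    let cause = "token-sent-but-rejected"; // server session no longer matches
    if (cookie === null) cause = "cookie-missing"; // check SESSION_DOMAIN scope
    else if (sent === null) cause = "header-missing"; // client never copied it
    // The cookie is URL-encoded; the header carries the decoded value.
    else if (decodeURIComponent(cookie) !== sent) cause = "header-mismatch";
    findings.push({ method: request.method, url: request.url, cause });
  }
  return findings;
}

// Constructed sample HAR (host and token values are made up).
const entry = (method, url, status, headers) => ({
  request: { method, url, headers }, response: { status },
});
const SAMPLE_HAR = { log: { entries: [
  entry("GET", "https://app.example.test/orders", 200, []),
  entry("POST", "https://app.example.test/orders", 419,
    [{ name: "Cookie", value: "theme=dark" }]),
  entry("PUT", "https://app.example.test/orders/7", 419,
    [{ name: "Cookie", value: "XSRF-TOKEN=tok123%3D; theme=dark" }]),
  entry("POST", "https://app.example.test/login", 419, [
    { name: "Cookie", value: "XSRF-TOKEN=tok123%3D" },
    { name: "X-XSRF-TOKEN", value: "tok123=" }]),
] } };
```

A HAR exported with cookies stripped has no Cookie header, so every 419 in it reads as `cookie-missing`. A HAR that does include cookies carries live session material and should be stored and shared like a credential.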
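// bootstrap/app.php — turn a raw 419 into a usable Inertia redirect
use Illuminate\Foundation\Configuration\Exceptions;
use Symfony\Component\HttpFoundation\Response;

->withExceptions(function (Exceptions $exceptions) {
    // Runs for every rendered error response; only a 419 is rewritten.
    $exceptions->respond(function (Response $response) {
        if ($response->getStatusCode() === 419) {
            // Send the user back with a flash message instead of the raw error.
            return back()->with([
                'message' => 'The page expired, please try again.',
            ]);
        }
        return $response;
    });
})
Livewire form does a full page reload and loses errors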
Symptom: Submitting a Livewire form reloads the whole page and any previously shown validation errors disappear instead of updating in place.
Fix: The submit handler is missing wire:submit.prevent (or wire:submit), so the browser performs a native POST and bypasses Livewire. Add wire:submit to the form so $this->validate() runs server-side and the reactive $errors bag re-renders without a reload.
{{-- bug: native POST bypasses Livewire --}}
<form action="/save" method="POST">
{{-- fix: Livewire round-trip, reactive $errors --}}
<form wire:submit="save">
BugMojo vs alternatives
The honest comparison — where BugMojo wins, and where another tool might serve you better.
| Feature | BugMojo | Telescope / Sentry |
|---|---|---|
| DOM session replay of the user's exact steps | Yes, rrweb-based | Partial: Sentry replay (sampled) |
| Network HAR with the 419/422 request + headers | Yes, shows X-XSRF-TOKEN present/missing | Partial: server-side view only |
| Captures from Blade, Livewire & Inertia uniformly | Yes, browser-layer, no SDK | Partial: needs server instrumentation |
| MCP server: Claude Code / Cursor read the report in the IDE | Yes, bug is a first-class assignee | No, neither Telescope nor Sentry has this |
| Always-on production error monitoring & aggregation | No, on-demand capture only | Yes, Sentry is more complete here |
| Local request/query/exception inspection | No | Yes, Telescope in local dev |
| Console + network (HAR) capture | ✓ | Partial |
| Zero-setup Quick Capture | No project, no SDK | Account / SDK required |
BugMojo records the DOM, console, and network — then ships a one-click ticket with the full replay attached. No SDK, no setup.
Frequently asked questions

