Unable to set session variables after upgrading to 5.4

Published 11 months ago by tyler.brandt

Hi, so we recently upgraded Laravel from 5.1 to 5.4, I wasn't involved in the update but I'm going through now trying to fix anything that may not be working after the change.

I noticed that our session flash messages don't show up upon login/other tasks, and I figured out that our session variables aren't getting set. I checked to ensure that we were using Session::put() instead of set(), and we are indeed using Session::put(). I have also tried the session('key', $value) method with no luck.

I literally have this code in my controller right now:

session('message', 'test message'); dd(session()->all());

And there is no 'message' variable dumped out at all. Any ideas as to what might be going on? All help is greatly appreciated.


update: I tried doing this instead:

session()->put('message', 'test message');

And it worked when these two calls were right next to each other. However, I would actually like to set a session variable in a controller function before returning a redirect to another route, and then be able to see the variable at that point, but I cannot. Should I be able to see the variable at that point?


What does your session config look like? Are you setting a SESSION_DOMAIN or anything?

11 months ago (215,690 XP)

It seems that lately many folks have had session trouble. Just my 2 cents, but some config setting is extremely hard to set, or there is a bug (possibly). Either way as common as sessions are to the web it shouldn't be a huge nightmare to get them working.

I also use cakephp for a project and never had problems with session, also laravel 5.1 never any trouble.

'domain' => env('SESSION_DOMAIN', null),

And I don't have an environment variable set up for SESSION_DOMAIN, so it is null

11 months ago (215,690 XP)

@tyler.brandt try to hard code your config information rather than using a env file, that thing was never meant for a production setup.

Edit: I believe you need SESSION_DOMAIN for sessions to work, sorry I am a 5.1 user. Hoping 5.5 is LTS.


Hmm, I don't see anything about the SESSION_DOMAIN setting in the docs, maybe I'm just missing it? Otherwise could someone shed some light on this?

11 months ago (215,690 XP)

@Snapey gave this answer in another post

Did some experimentation into SESSION_DOMAIN

This might not help you but may help others coming to this post in the future.

If SESSION_DOMAIN is set to anything then it needs to match exactly the domain you are using, or the root domain if using a subdomain. Otherwise cookies are generated for session and csrf but then not returned to the server when submitting a form because they don't match the servers domain.

If SESSION_DOMAIN is omitted then the browser will always use the same domain.

If you don't have SESSION_DOMAIN in the .env file, check also that the config/session.php file has not been changed. It should be set to null in order to not impose a domain. e.g.;

'domain' => env('SESSION_DOMAIN', null),

So if it's set to null you should be good to go.

Also @Snapey if you read this, you said

Otherwise cookies are generated for session and csrf

Can you confirm that, because if I am using session I want session, not a cookie. That would be plumb weird.

11 months ago (868,375 XP)

SESSION_DOMAIN can be empty (and should be for least complications)

Can you login and persist that login from one page to another (this would show if sessions are not working)

If you are using files for Session management, are you getting files created in storage/framework/sessions?


My login persists between pages without any issues. I just tested with the framework/sessions folder, and it appears to be acting strangely.

When I visit the login page, a new file is created. When I click 'login', one more file is created, and then one more when the landing page is loaded. Any time that I visit another page in the application, either one or three more files are created, depending on the page.


Here is the content produced from Config::get(session)

array:14 [▼
  "driver" => "file"
  "lifetime" => 12000
  "expire_on_close" => false
  "encrypt" => false
  "files" => "/home/vagrant/Code/my_application/storage/framework/sessions"
  "connection" => null
  "table" => "sessions"
  "store" => null
  "lottery" => array:2 [▼
    0 => 2
    1 => 100
  "cookie" => "laravel_session"
  "path" => "/"
  "domain" => null
  "secure" => false
  "http_only" => true
11 months ago (868,375 XP)

One thought, Do you have 'web' middleware in your routes.php file?

This is now applied globally so you don't need to include it.

A telltale sign of this issue is if you run php Artisan route:list then look at your routes, you might see web,web listed in the middleware column


Just checked my routes/web.php file, and it doesn't have 'web' middleware listed anywhere, however we are using some of our own custom middlewares, so maybe those are including the web middleware?

My routeServiceProvider is declaring the middleware, this is where it is globally applied, correct?


What I have finally done to fix the issue is to remove that from the RouteServiceProvider, and add the following to my [email protected] function


And now my session variables are persisting

Please sign in or create an account to participate in this conversation.