
ThePascalboy's avatar

Auth session killed after redirect | laravel 5.2

We made a simple login form. When we post it, it's working fine; we are even logged in if we check the authentication inside the Auth::attempt(). But when we redirect to the dashboard, the session is empty and we are not authenticated. Why is this happening? We are using the new Laravel 5.2. Here is a link to our controller: http://laravel.io/bin/nQm3W Link to route: http://laravel.io/bin/Jx7J7 Link to dashboard controller: http://laravel.io/bin/QNEVx

0 likes
16 replies
d3xt3r's avatar

Have you added the middleware group 'web' to your routes? In 5.1, this was default for all the routes and was used for session management, CSRF verification, etc.

ThePascalboy's avatar

Yes I made a new Middlewaregroup called auth, it got this in it:

    'auth' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,
        \App\Http\Middleware\Authenticate::class
    ],

It's a copy of web, but we added the authenticate because with the group app u can still visit the page while u are logged out. We even got this when we use the web group and then in the controller of the dashboard the __construct got $this->middleware('auth'); (we do this without the group auth).

d3xt3r's avatar

Your AuthController doesn't seem to be using this middleware, which will not start any session after Auth::attempt(). Try this: delete all cookies, load the login page. Do you see any cookie set?

ThePascalboy's avatar

Hello, you don't see the middleware in the route because I am switching between it, I am sorry. I did it now like this:

    //Route::get('/dashboard', ['as' => 'dashboard', 'uses' => 'DashboardController@getIndex']);
    Route::group(['middleware' => 'auth'], function () {
        Route::get('/dashboard', ['as' => 'dashboard', 'uses' => 'DashboardController@getIndex']);
    });

But it's still redirecting to the login page after the login button, while the attempt was successful. Also the cookie gets generated and a session file in the storage folder.

d3xt3r's avatar
d3xt3r
Best Answer
Level 29

Sorry if this is confusing. Your AuthController must use the middleware routes where it creates a session for you. As of now, only your DashboardController does that, which is the reason why the authenticated session does not persist.

    Route::group(['middleware' => ['web']], function () {
        Route::get('/login', ['as' => 'login', 'uses' => 'Auth\AuthController@getLogin']);
        Route::post('/login', ['as' => 'login', 'uses' => 'Auth\AuthController@postLogin']);
    });

    Route::group(['middleware' => ['web', 'auth']], function () {
        Route::get('/dashboard', ['as' => 'dashboard', 'uses' => 'DashboardController@getIndex']);
    });

and refactor your middleware group as

    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,
    ],

    'auth' => [
        \App\Http\Middleware\Authenticate::class,
        // ... whatever else you need
    ],

8 likes
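
Added illustration, not part of d3xt3r's answer and not Laravel's source: a stand-alone PHP model of a middleware pipeline showing why a login handled outside the session-starting middleware leaves the dashboard unauthenticated. The function names, the `$sessionFiles` array and the request/response array shape are assumptions made for this example.

```php
<?php
// Model of a middleware pipeline; every name here is hypothetical, not Laravel's API.
$sessionFiles = [];   // stands in for the session files under storage/

// Loads the session named by the cookie, runs the next layer, then persists it.
function startSession(callable $next): callable {
    return function (array $req) use ($next) {
        global $sessionFiles;
        $id = $req['cookie'] ?? bin2hex(random_bytes(8));
        $req['session'] = $sessionFiles[$id] ?? [];
        $res = $next($req);
        $sessionFiles[$id] = $res['session'];   // write-back happens only here
        return $res + ['cookie' => $id];
    };
}

// Redirects to /login when the session carries no authenticated user id.
function authenticate(callable $next): callable {
    return function (array $req) use ($next) {
        return isset($req['session']['user_id'])
            ? $next($req)
            : ['status' => 302, 'to' => '/login', 'session' => $req['session'] ?? []];
    };
}

// Wraps a handler in the listed middleware, outermost first, and runs it.
function dispatch(array $middleware, callable $handler, array $req): array {
    foreach (array_reverse($middleware) as $m) {
        $handler = $m($handler);
    }
    return $handler($req);
}

$login = function (array $req) {
    $s = $req['session'] ?? [];
    $s['user_id'] = 1;   // in-request state after a successful Auth::attempt()
    return ['status' => 302, 'to' => '/dashboard', 'session' => $s];
};
$dashboard = fn(array $req) => ['status' => 200, 'session' => $req['session']];

// Case 1: login route outside the session middleware, so nothing is written back.
$r = dispatch([], $login, []);
$d = dispatch(['startSession', 'authenticate'], $dashboard, ['cookie' => $r['cookie'] ?? null]);
echo "login without session middleware -> dashboard status {$d['status']}\n";
// Case 2: login route inside it, so the cookie points at a saved session.
$r = dispatch(['startSession'], $login, []);
$d = dispatch(['startSession', 'authenticate'], $dashboard, ['cookie' => $r['cookie']]);
echo "login with session middleware    -> dashboard status {$d['status']}\n";
```

In the first case the login handler sets the user id, but no layer saves the session, so the dashboard request starts from an empty session and `authenticate` redirects back to /login.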
ThePascalboy's avatar

Okay, thank you! It's now working, but I still don't know why they implemented this "web" group. I find it very ugly... But thank you very much! I hope this will also help others, I have seen this issue a lot today on forums without resolution.

1 like
thomaskim's avatar

@ThePascalboy From the docs:

Middleware groups allow you to group several route middleware under a single, convenient key, allowing you to assign several middleware to a route at once. For example, this can be useful when building a web UI and an API within the same application. You may group the session and CSRF routes into a web group, and perhaps the rate limiter in the api group.

Taking into consideration the reason for this, I think it's actually a very clean way about doing things, and if you want, you don't have to use middlewareGroups. You can always change the Kernel.php file to look like the 5.1 version and add the "web" middlewares back to the global middleware stack.

2 likes
developernish's avatar

@premsaurav Thanks that was exactly the solution I was looking for, have been stuck on this confusing Auth session break for almost a week. Regards.

zahid0426's avatar

This is what Laravel Says "Keep in mind, the web middleware group is automatically applied to your default routes.php file by the RouteServiceProvider."

If I put my routes inside the code below, the error is always null and no error message appears. But it also doesn't let the process go if there is any error. This is really weird.

    Route::group(['middleware' => ['web']], function () {
        //routes are here
    })

So, according to Laravel's suggestion, I didn't add any middleware web group (as Laravel says routes.php is already bound to this process) and I found everything is working perfectly fine.

jlrdw's avatar

Do you have the latest updated version?

AlanReynosoVega's avatar

After spending several days with this issue (and not being aware that I was using the 5.2 version), @premsaurav's answer works for me, thanks a lot.

javier-arz's avatar

Excuse me, where must this refactoring be done? ... in Illuminate\Foundation\Http\Kernel ???

Nospoon's avatar

It's also important to pass the request parameter in the controller action (the one you're redirecting to after login), otherwise it will not see the session. Just something I learned today when facing the same issue.

korneliuskristianr's avatar

Hi, I use Laravel 5.2.35; there is no need to add middleware like 'web' in the route group, because Laravel adds it automatically. See the code below:

    $router->group([
        'namespace' => $this->namespace,
        'middleware' => 'web',
    ], function ($router) {
        require app_path('Http/routes.php');
    });

1 like
