Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

elb98rm's avatar

Can't access session error data in views.

... this may be a Breeze issue, but either way it's fairy low level and I'd appreciate some help on how to debug this.

Background

When tidying up a newly developed system I noticed that some flash() messages were not showing. After some searching I noticed that this was only for Breeze generated controllers. I repeated this with a vanilla install, and the problem is present on basic install.

Original bug:

Other reporting:

Description

When using a standard controller, the following controller/method/views has session data and when displayed, the flash() content is populated. For example in a quickly made DashboardController:

    public function index(Request $request): View
    {
        $request->session()->flash('success', 'Hello world');
        return view('dashboard.index');
    }

However, when using a Breeze generated controller, the session data is not persisted/visible. For example, in the AuthenticatedSessionController:

    public function store(LoginRequest $request): RedirectResponse
    {
        $request->authenticate();

        $request->session()->regenerate();

        return redirect()->intended(RouteServiceProvider::HOME)->with('success', 'You have successfully logged in!');
    }

^ Note, the above method is simply syntactically "nice". It also fails on $request->session()->flash('success', 'Hello world');

If you {{ var_dump(Session::all()) }} on a page, this shows as empty for a Breeze controller, and not empty when using a user generated controller. (["_flash"]=> array(2) { ["old"]=> array(0) { } ["new"]=> array(0) { } } )

Intended behaviour

var_dump() should include the flash() session data

Notes

  • I've heard that dd() quits too early/destroys session data, so var_dump() is specified; also:
  • This was discovered in finished code - no "manual early exit" issues are the problem
  • I have recreated this in Vanilla code: a fresh install with Breeze
  • The session is being correctly set inside the store method, it is just lost as soon as it redirects.

Steps To Reproduce

  • install Laravel
  • composer require laravel/breeze --dev
  • php artisan breeze:install
  • Add a user to the database (using seeder or other method)
  • Add a flash message to AuthenticatedSessionController, for example: ->with('success', 'You have successfully logged in!')
  • (optional - helps with debugging): change redirect to index/welcome to create a quick testing loop
  • Add {{ var_dump(Session::all()) }} to guest.blade.php and app.blade.php
  • Attempt to login
  • Monitor the contents of the var_dump(): session data will be empty

Main questions:

Has anyone seen this before? Does anyone have any good method of chasing the session data through laravel to see where this is failing? I suspect it could be a config issue (perhaps installing Breeze does this?) but I don't know.

Any help would be appreciated.

0 likes
7 replies
LaryAI's avatar
LaryAI
AI
2 years ago
Level 58

It seems like the issue you're encountering is related to session data not persisting after a redirect when using Laravel Breeze's AuthenticatedSessionController. This could be due to a number of reasons, including session configuration issues or middleware affecting the session.

Here are some steps you can take to debug and potentially solve the issue:

  1. Check Session Driver Configuration: Ensure that your .env file is configured to use a session driver that supports persistent sessions, such as file, database, redis, etc.

    SESSION_DRIVER=file

  2. Middleware Order: The order of middleware in your app/Http/Kernel.php file can affect sessions. Make sure that \Illuminate\Session\Middleware\StartSession::class is included in the web middleware group and that it is not being overridden or removed by any custom middleware.

  3. Clear Cache and Config: Sometimes configuration values can be cached. Clear your configuration cache to ensure that the latest config values are being used.

    php artisan config:clear
php artisan cache:clear

  4. Session Flash Usage: When you use ->with() on a redirect, it utilizes the session's flash data. Ensure that you are not doing anything that could overwrite or flush the session before it is read, such as calling $request->session()->regenerate() after setting the flash message.

  5. Test Session Without Redirect: To isolate the issue, try setting a session value and returning a view directly instead of redirecting. This can help determine if the problem is with the session itself or the redirect process.

    public function store(LoginRequest $request)
{
    $request->authenticate();
    $request->session()->put('success', 'You have successfully logged in!');
    return view('dashboard.index'); // Temporarily return a view directly
}

  6. Inspect Session Middleware: Laravel Breeze may use certain middleware that could affect sessions. Inspect the middleware applied to the routes in routes/web.php and ensure that the web middleware group is being applied to your routes.

  7. Listen to Session Events: Laravel fires events when session data is saved. You can listen to these events to see if the session is being saved correctly.

    \Illuminate\Support\Facades\Event::listen(
    'Illuminate\Session\StoreSaved',
    function ($event) {
        logger('Session was saved', $event->session->all());
    }
);

  8. Check for Overwritten Session: Ensure that no part of your application is inadvertently overwriting the session data after it has been set.

If after trying these steps the issue persists, it may be helpful to create a minimal example that reproduces the issue and share it with the community for further assistance. Additionally, you can check the Laravel Breeze repository for any open issues or discussions related to session handling.

elb98rm's avatar

I tried 1-6 of Lary's responses. As I explained, error/success session data is persisted fine without a redirect.

I'm not sure how to do part 7, so I'll have to draw a blank there.. Where does that suggested code actually go?

Part 8 is as per the code: there's no overwrite at my end.

krisi_gjika's avatar

@elb98rm can you show what the home or an example intended route does? Is the flash session available on the controller you are redirecting?

elb98rm's avatar

@krisi_gjika I'm not sure what you mean by the "home or an example intended route does"?

While there is other blade structure (content etc), the test I am doing is simply {{ var_dump(Session::all()) }} near the top of the page.

To be clear:

  • if I directly load a view, the errors/success session content is the var_dump.
  • if I redirect to a view, the errors/success session content is NOT in the var_dump.
krisi_gjika's avatar

@elb98rm there is no redirecting to a "view", you redirect to a route that runs a controller method that returns a view. I'm asking what does the redirected controller method do. Is the session available on that method or not?

elb98rm's avatar

@krisi_gjika

OK, I mispoke.

  • If I redirect to a route that loads a simple view, this fails.

Let me try and explain in a way that answers you:

In the controller method that does the redirect:

        $request->session()->flash('success', 'Some info');
        return redirect(route('dashboard'));

In the dashboard route:

// literally first thing in the method... 
var_dump(Session::all());

Result on the page is:

array(5) {
["_token"]=> string(40) "..." 
["_previous"]=> array(1) { ["url"]=> string(38) "...prev url..." }
["_flash"]=> array(2) {
    ["old"]=> array(0) { } 
    ["new"]=> array(0) { } } 
["url"]=> array(0) { } 
["login_web_59ba36addc2b2f9401580f014c7f58ea4e30989d"]=> string(36) "21bbfff4-53d3-4b05-8364-a16177c6d73f" 
}

"Sessons" are working - If I do the following in the controller method and directly access it:

        $request->session()->flash('success', 'Hello world');
        var_dump(Session::all());

.. I get:

array(6) {
["_token"]=> string(40) "..." 
["_previous"]=> array(1) { 
    ["url"]=> string(34) "...current url..." } 
    ["_flash"]=> array(2) { 
        ["old"]=> array(0) { } ["new"]=> array(1) { 
             [0]=> string(7) "success" } 
        } 
["url"]=> array(0) { } 
["login_web_59ba36addc2b2f9401580f014c7f58ea4e30989d"]=> string(36) "21bbfff4-53d3-4b05-8364-a16177c6d73f" 
["success"]=> string(11) "Hello world" 
}

Thus - sessions flash messages seem to work in both controllers and views when called without a redirect, and fail with a redirect.

krisi_gjika's avatar

@elb98rm have you tried flashing data in other ways, like return redirect(route('dashboard'))->with('success', 'Some info'); Also check your routes if the web middleware is being applied twice

Please or to participate in this conversation.