Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
I am using Laravel 5.4 and Vue.js. I am sending a post request with axios to the server. I am trying to login the user, but I can't. This is my code...
axios.post('/api/login', this.$data)
.then(res => {
console.log(res.data);
})
.catch(error => console.log(error));
Route::middleware('guest:api')->post('/login', 'AuthController@login');
public function login(Request $request)
{
$this->validate($request, [
'name' => 'required',
'password' => 'required|min:6',
]);
if ( Auth::attempt( ['username' => $request->name, 'password' => $request->password] , true) )
{
return [
'code' => 200,
'message' => 'Authentication Successful!'
];
}
}
This was my code. After posting the ajax request, if credentials are correct, I am getting the success message in the console. But, I can't visit the homepage route which is under a auth middleware
Please help me to solve this problem asap...
My guess would be that you are logging in but with a different session to the browser access.
You might be able to see this if you clear all session files and then load the page with the login form, and submit the form. After do you have one session file or two?
@Snapey In Application tab, there are two session files in "Cookies" section (XSRF-TOKEN, laravel_session) and no file in "Session Storage section. After attempting to log in, nothing changed....
On the server, not the client.
Look in storage/framework/sessions
oh, i see.... Yes, after attempting to log in, a file is being created.... this is the content of the file...
a:3:{s:6:"_token";s:40:"qOVusiTfobVDDkYVyU23XTFL549i2oVCwVeqJWHH";s:9:"_previous";a:1:{s:3:"url";s:27:"http://localhost:8000/login";}s:6:"_flash";a:2:{s:3:"old";a:0:{}s:3:"new";a:0:{}}}
And is it still one file when you access the protected route?
yes.... when I am trying to access the homepage, which is protected route, it's still the one file
when you say you cant what happens? what code do you get back?
also try that login manually and see what happens..
are you passing in the CSRF token?
@shez1983 I didn't try to login manually yet! But, also I'm not passing the CSRF token.... is that's the problem?
csrf is not needed on api routes
I still think the problem is session related. The API routes are not really suitable for authenticating what will later be a full web client.
From the docs;
The routes/web.php file defines routes that are for your web interface. These routes are assigned the web middleware group, which provides features like session state and CSRF protection. The routes in routes/api.php are stateless and are assigned the api middleware group.
So you cannot login through api.php since it does not remember state from one call to the next.
I tried to add CSRF token like this, but still I can't visit the auth protected routes...
axios.defaults.headers.common['X-CSRF-TOKEN'] = document.querySelector('meta[name="csrf-token"]').getAttribute('content');
<meta name="csrf-token" content="{{ csrf_token() }}">
Please see my post. You will need to move login to your routes/web.php file and set the csrf token on the request.
Ohh, Thank you so much @Snapey I just tried to login with web.php file's route and it worked.... Thanks, mate!
Please or to participate in this conversation.