Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

georgeAB's avatar

Error: "Session store not set on request." using Laravel/ui package with API request

So I use the Laravel/ui package for register and login with 2 applications. I have a Laravel application and a C# application. The C# application use the API of the laravel application to register, login and get some data.

I tested the api request with Postman and I got this error: "Session store not set on request." So the error is showing because the first line in the method sendLoginResponse() wants to regenerate the session that isn't stored in the request. But I don't need or use the session on my c# application, so does anyone have an idea or advice to solve this error?

(api.php)

Route::post('/login', [LoginController::class, 'login']);

(AuthenticatesUsers.php from Laravel/ui)

protected function sendLoginResponse(Request $request)
{
    $request->session()->regenerate();

    $this->clearLoginAttempts($request);

    if ($response = $this->authenticated($request, $this->guard()->user())) {
        return $response;
    }

    return $request->wantsJson()
                ? new JsonResponse([], 204)
                : redirect()->intended($this->redirectPath());
}
0 likes
7 replies
georgeAB's avatar

I already use this https: //github.com/ejarnutowski/laravel-api-key for my application to generate api keys. Then it seems unnecessary to use sanctum as well, right?

Sinnbeck's avatar

@georgeAB yeah that's fine. But you cant just use laravel authentication then. That is made for signing in using sessions :)

An api is stateless so you need to authorize every request

georgeAB's avatar

@Sinnbeck Thanks for your reply. I was thinking of overriding the sendLoginResponse() method and check if the request is from api, if that is true then don't regenerate the session. Or should I install sanctum for authentication only. I don't need the API token and other stuff from sanctum.

Sinnbeck's avatar

@georgeAB if you don't want tokens and don't want sessions, how do you plan to authenticate?

Using the package you posted, you just attach its middleware and check if the token is correct. There is no "sign in" as such. You can send in a username and password and then return a token to be used for further requests. Normally you store this token on the device running the app when you sign in. It is then sent to laravel on every request

Maybe explain how you are thinking it will work from the C# application.

jlrdw's avatar
jlrdw
4 years ago
Best Answer
Level 75

@georgeAB Sounds like you are wanting to retrieve API data, why not use passport.

Snapey's avatar

check if the request is from api, if that is true then don't regenerate the session

requests through api routes are stateless - logging in via session is not possible

Please or to participate in this conversation.