Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Really odd problem, if I try to log in on my localhost without ticking the remember me box the application will log me into the landing page, which is /home. Then if I try to navigate to any other page it give me either "Header may not contain more than a single header, new line detected" error or 403, both which point at the user being logged out.
However, if I tick the Remember Me box during login I have no issues. Everything works as intended. Any idea? If you require any further info or C/P please let me know. This is driving me insane.
Sounds like you are having problems with sessions and the remember me function just keeps logging you in on every access.
If you run php artisan serve and then connect using the port number it shows you, do you still have the issue? (just as a test)
Hey @snapey, thanks for the reply. I am running it on Homestead/Vagrant. If I try php artisan serve it just gives me a permission denied error. Regarding sessions, I did try and swap the driver for database and run the migration, problem still persists though.
apache?
Afraid not, it's nginx. Would that make a difference?
The problem I have in mind is stuff being output before the laravel headers.
This is caused by having some characters before the opening <?php in literally ANY class that gets run as part of the request cycle.
Only solution is to check all files that you have modified. And also make sure you haven't put ?> at the end of any file
Hmm... went through pretty much all of the files, well at least the ones VS Code could find with the find function. Did the same for ?> there were no files containing this. Although, I know for a fact that my login works, because I can log in if the Remember Me box is ticked. It only breaks if that's unticked. I tried to debug the login controller with dd(), but that thing just bounces all over the place not sure where to use dd() or what to look for.
This
"Header may not contain more than a single header, new line detected"
is what makes me think you are echoing data before the response somewhere.
Check if your browser is receiving the Laravel cookie.
Open the browser devtools and check the response from the server for the pages you are looking at. The very first characters recieved should be as per your blade master layout. Are they?
Okay so as for the cookie I got two. One is laravel_session and the second is XSRF-TOKEN. If I log in with remember me ticked I get a third one called remember_web_{bunch of numbers}.
As for the response, I do get the layout page then content as expected.
By the way, thank you so much for this, thanks for your time! You are a community legend!
OKAY! Hold on, what!? The problem is now fixed. I don't even know what that did to fix it. So here is what I did. I re-ran the initial scaffolding of php artisan ui vue --auth. This then asked me yes or no on a bunch of files because I was replacing them. After saying yes to all of them the problem was fixed. Further investigation lead to this: on my home page I am running two vue graphs:
<div class="col-md-4 mr-5 charts-container">
<div class="col-md-12">
<team-graph
:labels="[@foreach($users as $user)'{{$user->name}}',@endforeach]"
:active-leads="[@foreach($users as $user) {{$user->leads->whereIn('lead_status_id', [2,3])->count()}},@endforeach]"
:inactive-leads="[@foreach($users as $user) {{$user->leads->whereIn('lead_status_id', [1,4])->count()}},@endforeach]"
:dead-leads="[@foreach($users as $user) {{$user->leads->whereIn('lead_status_id', [5,7])->count()}},@endforeach]"
></team-graph>
</div>
<div class="col-md-12 mt-5">
<revenue-graph url="/api/revenue"></revenue-graph>
</div>
</div>
<div class="col-md-4">
<h1 class="mb-4">Welcome back, {{Auth::user()->name}}</h1>
<strong>Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor.</strong>
<p class="mt-4">Recent Updates</p>
@for ($i = 0; $i <= 4; $i++)
<div class="mb-4 mt-4 col-md-12">
<div class="col-md-2">
<img src="https://picsum.photos/60/60?random={{$i}}" alt="..." class="rounded-circle">
</div>
<div class="col-md-9 mb-3">Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.</div>
</div>
@endfor
</div>
</div>```
Since these were removed by the process I described above, my login now works. I have no idea how though still.
Further developments, it seems like wherever I use the graphs, the app will log the user out? What is this about?
I managed to boil it down to this: api.php and web.php. For whatever reason, whenever I tried to go through api.php to get back data for the graphs the app would boot the user out. So I ended up moving all of my routes to the web.php file where everything works fine now. Users can stay logged in without ticking that accursed box :D
Please or to participate in this conversation.