emergingdzns

Laravel 11 upgrade too many redirects

I've just updated our Laravel 10 application to version 11. Artisan works great. But when I try to load the home page, it redirects to the login page (expected). But it just keeps redirecting to /login over and over again and finally the browser errors with Too Many Redirects error. I can't find any hints in the code. Nothing really changed in our controllers. The routes file is the same as in Laravel 10.

  1. I've cleared browser cache and cookies.
  2. I ran artisan optimize and artisan optimize:clear.
  3. I DID follow the upgrade guide, so please do just say "Follow the upgrade guide."

I'm completely stumped. Any suggestions?

emergingdzns

@jlrdw I started with the Laravel 10. I didn't end up removing the middlewares and provider files.

jlrdw

@emergingdzns The upgrade I did was a complete, see the link I left, that fixed everything for me. The answer I gave.

Snapey

Yes, sounds like messed up middleware

emergingdzns

Thanks everyone. I got past the issue, but now when I log in I get a 419 Page Expired message instead of being redirected to the default route (which is /dashboard). If I try to go to /dashboard manually it redirects me back to the /login page.

It seems like perhaps the authentication is happening but only for one page load. Because it successfully redirects to the dashboard but then the dashboard seems to not recognize the session and redirects me back to the login.

emergingdzns

Ok so the issue seems to be something with sessions. It's driving me nuts. The login happens as it should.

The auth middleware is where things are breaking down. In my routes/web.php file I have this:

Route::middleware(['auth'])->group(function () {
    Route::get('/dashboard', [HomeController::class, 'dashboard'])->name('dashboard');
});

But this just causes the redirect back to login. But when I comment out the middleware group the redirect doesn't happen, but of course the method fails because there's no user in session.

The controller looks like this:

<?php

namespace App\Http\Controllers;

// ... all my use statements here

class HomeController extends Controller
{
    public function index()
    {
        return view('home');
    }

    public function dashboard()
    {
        print_r(session()->all());
        exit;

        $serviceRequestsCreatedReport = new ServiceRequestsCreatedReport('today', 'html');

        return view('dashboard.index', [
            'service_requests_created_report' => $serviceRequestsCreatedReport->handle()->render(),
        ]);
    }
}

So in the dashboard method I added the print_r of the session. If I comment out the middleware group in the web.php file the session dump lines work, but with the middleware line active, it never gets there and redirects back to /login.

In the LoginController class it has AuthenticatesUsers class. I edited the AuthenticatesUsers class and added some dumps to the login() and sendLoginResponse() methods to confirm that it is in fact succeeding to login. I can dump the user data correctly there and die out.

It makes no sense why the session is lost when it redirects to the dashboard url.

maxxd

Did you check for the CSRF token as Snapey suggested? Most often a 419 is due to a missing or outdated CSRF token, and it's possible the middleware got a bit borked in the upgrade. I've done a couple 10 -> 11 upgrades and not had a problem with it myself, but everyone's mileage may vary and it's easy to accidentally miss a step when following instructions.

emergingdzns

@maxxd Yes. The CSRF is showing up in the form. It's loaded in the blade by doing @csrf which creates the _token hidden input. As I said it submits fine. It actually logs in, but once the page changes, the session is lost.

In the .env I have this:

SESSION_DRIVER=database
SESSION_LIFETIME=120
SESSION_SECURE_COOKIE=true
SESSION_DOMAIN=localhost
SESSION_ENCRYPT=false

In the sessions table, I see rows of data from me logging in. So that part is working.
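
Added example, not part of the thread and not code from any poster: a check of whether a browser would send back a session cookie issued with the SESSION_SECURE_COOKIE and SESSION_DOMAIN values posted above, applying the RFC 6265 Secure and domain-match rules. The function names and the three URLs are assumptions made for illustration; the thread does not say which URL the app was served on.

```php
<?php
// Added example: strict RFC 6265 checks for a session cookie's Secure and Domain attributes.

/** RFC 6265 section 5.1.3 domain-match: identical host, or a subdomain; never an IP literal. */
function domainMatches(string $host, string $cookieDomain): bool
{
    $host = strtolower($host);
    $cookieDomain = strtolower(ltrim($cookieDomain, '.'));
    if ($host === $cookieDomain) {
        return true;
    }
    // An IP address can only match by being identical, which was checked above.
    if (filter_var(trim($host, '[]'), FILTER_VALIDATE_IP) !== false) {
        return false;
    }
    return str_ends_with($host, '.' . $cookieDomain);
}

/** Returns the reasons the cookie would be withheld for $url (empty array = cookie is sent). */
function sessionCookieProblems(string $url, array $env): array
{
    $parts = parse_url($url);
    $scheme = strtolower($parts['scheme'] ?? '');
    $host = $parts['host'] ?? '';
    $problems = [];

    // Strict rule: Secure cookies travel over HTTPS only.
    // Some browsers relax this for http://localhost; this check does not.
    $secure = filter_var($env['SESSION_SECURE_COOKIE'] ?? false, FILTER_VALIDATE_BOOLEAN);
    if ($secure && $scheme !== 'https') {
        $problems[] = 'Secure cookie on a non-HTTPS URL';
    }
    $domain = $env['SESSION_DOMAIN'] ?? '';
    if ($domain !== '' && !domainMatches($host, $domain)) {
        $problems[] = "host {$host} does not domain-match {$domain}";
    }
    return $problems;
}

// Values as posted in the .env above.
$env = ['SESSION_SECURE_COOKIE' => 'true', 'SESSION_DOMAIN' => 'localhost'];

// Constructed URLs (assumptions, not taken from the thread).
$urls = ['https://localhost/dashboard', 'http://localhost:8000/dashboard', 'http://127.0.0.1:8000/dashboard'];
foreach ($urls as $url) {
    $problems = sessionCookieProblems($url, $env);
    echo $url, ' => ', $problems ? implode('; ', $problems) : 'cookie sent', PHP_EOL;
}
```

A non-empty result means the login response can still write a row to the sessions table while the following request arrives without the cookie, so the auth middleware sees a guest.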

emergingdzns

Holy crap I just figured it out. Found a Stack Overflow post. I just added this to the web routes file right after the middleware is called:

session()->regenerate();

Hope it helps others.
