Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

layetri's avatar

Laravel 5.7 Session not maintained while using subdomains

Hello! As the title says, I'm facing problems with maintaining session over multiple subdomains. I tested this with both my existing project and a fresh Laravel 5.7.19 installation, both with the same results.

What I want: login on domain 1, say login.localhost, and then maintain that authenticated state on all other subdomains (portal.localhost, manager.localhost etc).

The problem: At the beginning, a successful login would return me to the login page, because the session was not sustained between two subdomains (login and portal). After an internet search I cleared the cookies in Chrome. After clearing the cookies, this new problem appeared: upon POSTing to the Authentication script, a 419 Expired error occurs. Closer inspection tells that the session is reset on every page load.

Solutions tried:

  • tested this both on my local Windows environment and Linux server, same results
  • set the SESSION_DOMAIN to .localhost in .env
  • tested with multiple drivers (database, cookie, file)
  • updated all dependencies and cleared application and configuration cache
  • changed the $domain in CookieJar.php's make function to env('SESSION_DOMAIN')

All of the above didn't fix my issue.

Would anyone be able to help me?

0 likes
3 replies
signar's avatar

@layetri I don't know the answer to your question since I haven't tried this setup yet. But I believe you need a shared session storage like redis og a database to be able to make it work.

My suggestion is to append the session id when making requests across the domains, ie. when the user is authenticated and sent to another domain. On the other domain you could fetch the session id from the query string and then fetch the data for that session id from the session storage and set the current session to the stored one. This might become a juggling act and error prone but should work in theory :)

layetri's avatar

After some more testing, I'm not so sure if it is just a problem with the subdomains anymore. Even with a redirect on the same subdomain, the session is still reset and a new session file is created. If I switch to the cookie driver, no cookies are placed.

In addition, I now added the subdomain routing functions to my RouteServiceProvider (instead of just throwing them in routes/web.php) with web middleware on them, but still nothing has changed.

...anyone..?

meduz's avatar

Just encountered the same problem in Laravel 5.8 with SESSION_DOMAIN=*.my-domain.tld in the .env file. Here’s how I solved it:

For local environment where SESSION_DRIVE=file

  • remove the asterisk in this SESSION_DOMAIN value (so it’s now `.my-domain.t);
  • manually delete the content of storage/framework/sessions.

For production environment where SESSION_DRIVE=redis

  • remove the asterisk in this SESSION_DOMAIN value (so it’s now `.my-domain.t);
  • clear all the things (php artisan config:clear, php artisan cache:clear);
  • also regenerated the app key (not sure it’s however useful);
  • restart Nginx and PHP.
1 like

Please or to participate in this conversation.