Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hi everyone,
I am implementing Laravel Sanctum API in my service but I am having some issues with sessions. Let me explain:
I need to save some data for each user who authenticates via token. Now, if the token doesn't exist but the session does, the Sanctum middleware routes still pass. I have read that the session comes into play if the token is not present, but this is incorrect because the token should be valid for the duration of the session. Am I doing something wrong?
Where have you declared the API routes ? Are they protected by the sanctum middleware ?
How have you tested the routes ? With a front ? With Postman ? Another way ?
Impossible to help you if you don't share further information about the problem you encounter.
Please or to participate in this conversation.