Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

Yassin A.'s avatar

Laravel session cookie does not work in production

We made a multilanguage webpage (german, english and french). To change the language there is a route called lang_switch declared which refers to the LanguageController. In this controller there is the function switchLang(string $lang) that looks like this:

    if (!array_key_exists($lang, Config::get('language'))) {
        $lang = 'de';
    }
    Session::put('applocale', $lang);
    Session::save();
    app()->setLocale(strtolower($lang));
    return redirect()->back();
}

In a blade the user can switch the language:

    @foreach (Config::get('language') as $lang => $language)
        @if ($lang == App::getLocale())
            <span class="fi fi-{{ $lang }}"></span>&nbsp;&nbsp;&nbsp;{{ $language['display'] }}
        @endif
    @endforeach
</button>
<div class="dropdown-menu" aria-labelledby="dropdownMenuButton">
    @foreach (Config::get('language') as $lang => $language)
        @if ($lang != App::getLocale())
            <a class="dropdown-item" href="{{ route('lang_switch', $lang) }}"><span class="fi fi-{{ $lang }}"></span>&nbsp;&nbsp;&nbsp;{{ $language['display'] }}</a>
        @endif
    @endforeach

It works on my local machine but not on the production server (windows22). Everytime I try to switch the language via blade or via direct url it needs another refresh of the page.

I tried adding a csrf token on the blade, I switched the session variable to lowercase, I got rid of any separators for naming the cookie in config/session.php and son on.

On the server I manualy deleted all the views in storage/framwork and also did all the php artisan commands (cache:clear, route:clear, config:clear, view:clear, optimize) but nothing worked...

0 likes
5 replies
tisuchi's avatar

@yassin a. There are a few things that could be causing the issue you're experiencing. Here are a few suggestions to try and troubleshoot the problem:

  1. Verify that the session settings in your 1config/session.phpfile are the same on your local machine and on the production server. Make sure that thedriverandencryptoptions are set correctly, and that thesecure` option is set to true on the production server.

  2. Check that the .env file on your production server has the correct settings for SESSION_DRIVER and SESSION_DOMAIN

  3. Verify that the session cookie is being set correctly by inspecting the headers of the HTTP request and response using a tool like the browser developer console. Make sure that the cookie is being set with the correct domain, path, and expiration time.

  4. Check if there's any problem with your browser. Some browser have problem with handling session cookies. Try to use different browser to check if the problem is from browser or not.

  5. Verify that there are no issues with file permissions on the server that could be preventing the session data from being written to the storage directory.

  6. Check for any middleware that might be modifying the session data or preventing the session cookie from being set.

  7. Make sure that your production server is running the same version of PHP as your local machine.

If none of these suggestions resolve the issue, you can try clearing the session data manually by running php artisan session:clear and try again.

1 like
Yassin A.'s avatar

@tisuchi Thank you for all these inputs!

  1. Everything was set correctly and changing the secure option to true didn't change the outcome

  2. Correct settings in .env on production server

  3. I checked the session cookie on the browser tool and everything is set as it should be. The only thing I am a bit uncertain of is the path. The path in config/session is set to '/' and it is also shown like this on the browser tool, but is the path the same like path of storing the cookies? Because they are all being stored in storage/framework/session

  4. Checked different browsers on different machines and deleted cache

  5. All data is being written into the storage directory on the server

  6. There is a language middleware but it shouldn't modify the session data

     if (Session::get('applocale')) {
     App::setLocale(Session()->get('applocale'));
 } else { // This is optional as Laravel will automatically set the fallback language if there is none specified
     App::setLocale('de');

 }
 return $next($request);

    }

  7. Local and server both running PHP 8.1

Session:clear as an artisan command was not possible, but deleted all sessions manualy but sadly still facing the same problem..

mnek84's avatar

dont you think off using a middelware to set the correct language on each request? also, can you check if the server has the correct domain for session or disk permissions?

Yassin A.'s avatar

@mnek84 Not using a middelware for this webproject (no user registration / login) and the server has the correct domain and permissions. A language middleware was created by laravel tho

Yassin A.'s avatar

When vhost is set to root and adds the .htaccess file it works (rest of the page does not work then) but when vhost is set to /public it doesn't work..

Please or to participate in this conversation.