Laravel Session::token keeps changing in every request when not using https://

Hello,

I am going through a weird problem and I have been unable to solve it finally.

Laravel Session::token is re-generated in each HTTP request when I upload my app in my shared hosting. The app works fine when the domain has https://. But if I load the app using http://, no forms work (shows 419 Page Expired). The app also works fine in my localhost (Windows 10 with apache server) even though it's also http://localhost.

I can simply force to HTTPS using .htaccess to ignore the issue. But I want my app to be functioning in non-SSL domains also.

If I hit https://mysite.com/ 10 times, dd(Session::token()); returns the same token xZYdXs5UuXUSCZ5wHGELad9GuqjimkrPhMlsMepE every time.

And if I hit http://mysite.com/ 10 times, dd(Session::token()); returns different random tokens each time.

My Hosting Server: Litespeed

Laravel Version: 6.2

PHP Version: 7.4

.env file

SESSION_DRIVER=file
SESSION_LIFETIME=120

config/session.php file

use Illuminate\Support\Str;

return [
    'driver' => env('SESSION_DRIVER', 'file'),
    'lifetime' => env('SESSION_LIFETIME', 120),
    'expire_on_close' => false,
    'encrypt' => false,
    'files' => storage_path('framework/sessions'),
    'connection' => env('SESSION_CONNECTION', null),
    'table' => 'sessions',
    'store' => env('SESSION_STORE', null),
    'lottery' => [2, 100],
    'cookie' => env(
        'SESSION_COOKIE',
        Str::slug(env('APP_NAME', 'laravel'), '_').'_session'
    ),
    'path' => '/',
    'domain' => env('SESSION_DOMAIN', null),
    'secure' => env('SESSION_SECURE_COOKIE', false),
    'http_only' => true,
    'same_site' => null,

];

Permission:

/storage 0755
/storage/framework/sessions 0755

Please let me know if I should share any relevant information to make the issue more clear.

Thank you.