kreierson

Randomly lose Auth session and get redirected to login page

I seem to be losing my auth session when making api calls from my application. I followed this video https://laracasts.com/series/whats-new-in-laravel-5-3/episodes/13 to set up passport so I could use axios to make calls to my api.php in the routes folder.

Everything works perfectly when I'm using the application from the local machine.

When I browse to the application from another computer and hit a route that makes an api call, I get a status code of 302 Found and get redirected back to the login page. But the weird thing is that sometimes the request will go through just fine, but eventually, maybe a request or two later, I will lose my session and be redirected again.

Api Routes file

Route::group(['prefix' => '/v1', 'middleware' => 'auth:api'], function () {
     /**
      * Employee Routes
      */
     Route::get('/employees', 'api\v1\EmployeeController@all');
     Route::post('/employees', 'api\v1\EmployeeController@store');
     Route::get('/employees/{id}', 'api\v1\EmployeeController@show');
});

Web Routes file

Route::group(['middleware' => 'web'], function() {
     //Auth routes
     Route::group(['middleware' => 'auth'], function() {
          //Dashboard Routes
          Route::get('/dashboard', 'DashboardController@index');

          //Calendar Routes
          Route::get('/calendar', 'CalendarController@index');

          //Employee Routes
          Route::get('/employees', 'EmployeeController@index');
          Route::get('/employees/{id}', 'EmployeeController@show');
     });
     Auth::routes();
});

Web Middleware Groups

protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            // \Illuminate\Session\Middleware\AuthenticateSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
            \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
        ],
        // other middleware groups not shown
];

I was under the impression that the CreateFreshApiToken would allow you to make axios requests to your api from your application; that is what the video states.

I also have this in my app.blade.php file

window.axios.defaults.headers.common = {
       'X-CSRF-TOKEN': Laravel.csrfToken,
       'X-Requested-With': 'XMLHttpRequest'
     };
axios.defaults.withCredentials = true;

axios Request

// keep a reference to the component for use inside the callback
var self = this;

axios.get('/api/v1/employees').then(function(response) {
     self.employees = response.data;
});

The controller methods that get called

 public function all(Request $request)
     {
          // return $request->user();
          $company = Company::whereHas('users.roles', function($query){
               $query->where('name', 'outfitter');
          })->where('id', $request->user()->company_id)->firstOrFail();
          return $company->users;
     }

Any guidance would be greatly appreciated.

andrewc

Having a similar problem, where after a few minutes (random time) the session seems to be lost and a 302 redirect to login occurs. Did you find a solution to this?
