Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

maytham's avatar

Same login on two different Laravel projects

I have seen a question today on stack-overflow about using the same authentication of one Laravel 5.1 project on the other Laravel 5.1 project.

I was curious if this is possible at all?

I think it might be useful in some situation where you have the same user platform but different portals.

0 likes
18 replies
bobbybouwmann's avatar

This is kinda tricky to do but it is possible. You have two options here.

Option one: Share the same session using an identical setup and subdomains. This means that you can share your cookie over different domains as long as they have the same hostname. So for example alpha.example.com and beta.example.com should work here. As long as you set the cookie host the same way. So something like this .example.com. Note that your session.php, your cipher type (hashing) and database need to be identical.

Your second options would be setting two cookies on both site one. So when the user logs in you set the cookie and register the user on one site. Then you redirect the user to the other site. Set the cookie and register the user here and redirect the user back to the original site. Now you have a unique cookie on both domains but the user can still login in on both sites.

4 likes
mehany's avatar

How about In app A, setup an authorized_apps ( user_id, domain_name , auth_token ) table which is the application that will provide authentication and create an API controller that will provide auth credentials ( cors ). The URL could be something like this https://example.com/api/v1/service/auth

  // two methods
  authenticate and generate a token for the other app

The application making the request gets stored in authorized_apps table and the token could be used in future login from the other apps.

2 likes
bobbybouwmann's avatar

@mehany That means you need to login over and over again, because you don't have a cookie set for each application. A session eventually experiences. You can set a cookie forever.

1 like
mehany's avatar

@bobbybouwmann I see your point, totally true. I thought of a way to use a username and password authentication between any two apps that don't require sharing the session.

1 like
zoransa's avatar

Yes, why not your two apps can share the same user table and authentication logic but if you want to use eloquent for various things then you have to put BOTH projects in the database and use prefix to distinguish tables like p1_table p2_table

3 likes
bobbybouwmann's avatar

@mehany You have a valid point to just use one api and validate from there. It's hard to make something like this work in a simple and laravelish way ;)

1 like
strategicsdemexico's avatar

I think like @zoransa , the best way and easy, It's just use the same users table for both projects. Just in your model Users of one project set the connection to the DB to other and that's it! set the connection settings on your database.php config file for that!

2 likes
maytham's avatar

Great inputs. Thank you guys, I will go make some tests and see which path is most practical for a solution, but seams @zoransa this was what I was thinking of when I started this question? I thought it was not possible, have you tried it your self?

1 like
sukonovs's avatar

Looks like good reason to implement microsevice with one function to handle authorization on several apps. Not sure how to handle sessions though.

2 likes
pmall's avatar

@maytham just use the same database configuration (username/password etc) for both projects so they connect to the same database. Then maybe the 'prefix' value in config/database.php can allow you to globally set a prefix for all tables of your project. Not sure about this.

2 likes
zoransa's avatar

You know what is problem... lets say in one project you have User model with table 'users' and it can for example have images, comments...

For the other branch you need that the same user but it could have relations to different models. If you need just authentication you could in theory make oauth2 server on first project and authenticate user on another project similar like Facebook and then you have to update and maintain relationship with your authentication provider. That's also option.

1 like
yanikkumar's avatar

I've same doubt I've two different projects with different DB but I need to connect them both like project1 users table can be used in project2 DB like an Oauth system for second project. How can i do that?

1 like
hmbilal's avatar

I have a similar situation where we have small laravel apps needed to communicate together. Here is what I am planning to do.

  • Implement sanctum in Laravel apps.
  • On user creation, publish a message in RabbitMQ and process to generate sanctum tokens and save in db in both apps.
  • Communicate via APIs between both apps.

Not sure how it'll go but looks like a solid design.

1 like
skeith22's avatar

@yanik2103 @lukegalea16

This is very easy to implement btw, I've been doing this for years already since version 5.4

What you need to do is set your session driver in config/session.php to database, and create the migrations with these commands for all your projects.

Memcached or Redis driver for the session will do too.

for reference here https://laravel.com/docs/8.x/session#database (might vary on depending what version of Laravel you're running this)

php artisan session:table

php artisan migrate

Next, let them all use THE SAME Database, and all your sessions should be sync.

After that, set up your Authentication with Sanctum for mobile applications, and simple, token-based APIs, OR if you want a full OAuth2 server then you can use Passport, both should suffice what you need.

for Passport make sure all 3 applications are using the same oauth-public.key and oauth-private.key found in storage folder. just generate the keys in one app, then copy and paste the keys on all other apps.

OPTIONAL PART, this requires you to have experience in handling servers

These next steps will make all your 3 applications interact and feel like one single application, this lets them talk to each other even on different domains, BUT this is complicated to set up, only do this if you have experience setting up real-time applications and handling servers.

  • Set up your Broadcasting Driver to Redis or Pusher (Pusher is easier but expensive, I don't' use Pusher)

for reference here https://laravel.com/docs/8.x/broadcasting

  • Set up Socket.io for both your backend and frontend (We have Laravel Echo for this in the Frontend)

for Laravel Echo reference here https://laravel.com/docs/8.x/broadcasting#installing-laravel-echo

Next step is for Redis Driver (This is what I do)

  • Set up a NodeJS Server for your Backend Real-time Server (you can use Laravel Echo Server for this)

for Laravel Echo Server reference here https://github.com/tlaverdure/laravel-echo-server

  • Point all of your 3 applications Echo's Auth Path to One Single Laravel Echo Server/Domain, you might see something on your laravel-echo-server.json file like this
{
    "authHost": "http://app1.test", // choose 1 app for all of your apps where they would authenticate.
    "authEndpoint": "/broadcasting/auth",
    ... other configs
}

Once all of this is running, all of them should be able to Pub/Sub Messages using Notification, meaning you can let them all talk to each other using Broadcasting, so whatever the user is doing on App1 can be read by App2 and App3 using Events.

Like if user1 would do something on App1, App1 can push a message to App2/App3 displaying a Notification/Flash Message or whatever you want in Real-Time and Vice Versa.

This is all pure Laravel way.

5 likes
ssjc02's avatar

@skeith22 I wish you knew the amount of work you've saved me from. Many thanks!

2 likes
skeith22's avatar

@ssjc02 Glad to help bro, let me know if you have more questions regarding this. cheers

1 like
vincent15000's avatar

Why not creating a specific application just for authenticating the users, the auth app.

Then in both applications you can setup an authentication system using the API the auth app API.

This is just a suggestion, I don't have tested anything and perhaps it's just another idea to discuss in this post ;).

Something like SSO ?

Please or to participate in this conversation.