
umbertix's avatar

Session and subdomain

Hi everyone.

For the last few days I've been trying to implement a subdomain redirect with login. So far I haven't been able to get it working :(.

What I'm trying to achieve here is to log in at www.example.com and, if the user is valid and has a registered domain, redirect him (logged in) to it, for example to test.example.com.

So far I've been able to redirect the user to the subdomain correctly, but I cannot make him arrive logged in.

I've been trying different approaches; one of them is to resend the login form to the subdomain to force the system to log him in again. (I leave a bit of code as I was trying it; it might not be perfect, it was a proof of concept that miserably failed.)

Any suggestion or help would be really appreciated. Thx in advance.

if (Session::get('company_subdomain') == "www" || Session::get('company_subdomain') == null) {
    // let's find the user's subdomain and redirect him to it, logged in
    return redirect()->intended("https://" . $user->client->wildcard_sub . Config::get('app.domain') . $this->loginPath)->withInput();
    Auth::attempt(['email' => $request->email, 'password' => $request->password]);
    return redirect()
        ->to("https://" . $user->client->wildcard_sub . Config::get('app.domain') . $this->loginPath)
        ->with('email', $request->email)
        ->with('password', $request->password);
}

Apparently I'm not the first one to try this (https://laracasts.com/discuss/channels/general-discussion/subdomain-session-on-log-in) @username , but there is still no answer to it.

0 likes
5 replies
umbertix's avatar

@bashy, thanks for the quick answer. I've been playing with the sessions and domains. The problem is that I want to keep the user logged in to the right subdomain, not all of them.

As an example: you would log in to www.example.com and get redirected to test.example.com (logged in), but you shouldn't be able to enter company.example.com (because you are not a valid user in this subdomain).

Changing the session.php file 'domain' setting I can bypass to the whole subdomains but I want them to keep them to do that.

Thx.

bashy's avatar

I don't really understand what you're trying to do, but let me try to narrow it down.

You want to only allow login to the user's subdomain and none of the other ones? If you allow cookies on all subdomains (same cookie), you will need to do checks (Middleware). Otherwise you will need to make something custom for the cookies/session in Laravel.

Do you want multi-tenant?
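The middleware check suggested above for a session cookie shared across all subdomains, as an added example that is not part of the original thread or anyone's posted code. The class name `EnsureUserOwnsSubdomain` and the treatment of the `www` host as public are assumptions; `$user->client->wildcard_sub` and `app.domain` are taken from the code in the question, with `app.domain` assumed to hold a value like `.example.com`.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

// Added example (hypothetical class name). Assumes config/session.php has
// 'domain' => '.example.com' so one session cookie is sent to every subdomain,
// which means each tenant host must verify that the session belongs to it.
class EnsureUserOwnsSubdomain
{
    public function handle(Request $request, Closure $next)
    {
        $host   = strtolower($request->getHost());          // e.g. test.example.com
        $suffix = strtolower((string) config('app.domain')); // assumed: ".example.com"

        // Assumption: the main site is public (marketing/registration only).
        if ($host === 'www' . $suffix) {
            return $next($request);
        }

        $user = Auth::user();
        if ($user === null) {
            // Guests are left to the normal auth middleware on protected routes.
            return $next($request);
        }

        // A logged-in user with no tenant record must not reach any tenant host.
        if ($user->client === null || $user->client->wildcard_sub === null) {
            abort(403);
        }

        // The only host this user may use is <wildcard_sub><app.domain>.
        $expected = strtolower($user->client->wildcard_sub) . $suffix;
        if (!hash_equals($expected, $host)) {
            // Valid session, wrong tenant: company.example.com is refused
            // for a user whose subdomain is test.example.com.
            abort(403);
        }

        return $next($request);
    }
}
```

With this registered on the tenant routes, the login on www.example.com only needs a plain redirect to the user's subdomain; the password never has to be flashed into the session or re-posted.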

umbertix's avatar

Yes, the application will be multi-tenant, and I was also planning to use middleware to check that the user stays on his subdomain.

The "main" domain would be just for marketing/registration purposes.

Are you suggesting to have the cookies accepted for the whole domain and then restrict it by middleware instead of trying to restrict it by cookie subdomain?

I tried to make a simple diagram, it might help. http://postimg.org/image/dujlnboih/

bashy's avatar

I've not worked with multi-tenant so I'm not the best person to ask about that.

Personally I don't think cookie across all is correct but I'm not sure how multi-tenant apps work best.
