I've seen something weird happening on a project I'm working on. This project has a frontend that is composed of both regular server-side rendered pages, but also a few components that interact with an API provided by Laravel.
This API uses the same auth middleware as the main routes that render the "base" pages, but unlike full page loads the ajax requests don't seem to keep the session alive.
For policy reasons, project requires to have a short session time of 15 minutes, and one of the components of the project is a quiz like ui, where users can spend more than that interacting with it without doing a full page load. Those interactions make API requests, but what I've noticed was with such requests going out, the user session still expires.
Is there a way around this?