
skovmand

Set XSRF-TOKEN on beta.mydomain.com instead of .beta.mydomain.com

Hi everyone.

I have three domains on my server: the production URLs www.mysite.com and mysite.com, the beta site URL beta.mysite.com, and the demo URL demo.mysite.com.

On purpose I have set the production domain in Session.php to:

'domain' => env('SESSION_COOKIE_DOMAIN', ".mysite.com"),

on beta.mysite.com to beta.mysite.com and demo.mysite.com on the demo site.

Now for the problem! The XSRF-token for .mysite.com is taking precedence over the beta.mysite.com XSRF-token. Therefore I get TokenMismatchExceptions all the time on these sites. The Session works fine because I use three different names for it, but the XSRF-tokens do not since they use the same name.

Is there some clever way to prevent this?

Regards, Niels.

0 likes
0 replies
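The collision described in the post, modelled with the RFC 6265 domain-match and Cookie-header ordering rules. This is an added example, not part of the original post. The session cookie names, the visit order (production first, then beta) and the first-value-wins server parser are assumptions.

```javascript
// Constructed model of RFC 6265 cookie selection; hostnames are the ones from the post.
function domainMatch(host, cookieDomain) {
  const d = cookieDomain.replace(/^\./, "").toLowerCase(); // a leading dot is ignored
  const h = host.toLowerCase();
  return h === d || h.endsWith("." + d);
}

// Cookies the browser attaches to a request for `host`, in Cookie-header order:
// longer paths first, then earlier creation time first (RFC 6265 section 5.4).
function cookiesFor(host, jar) {
  return jar
    .filter((c) => domainMatch(host, c.domain))
    .sort((a, b) => b.path.length - a.path.length || a.created - b.created);
}

// Assumption: the server-side parser keeps the first value seen for a repeated name.
function serverView(host, jar) {
  const seen = {};
  for (const c of cookiesFor(host, jar)) {
    if (!(c.name in seen)) seen[c.name] = c.value;
  }
  return seen;
}

// Names that reach `host` more than once, i.e. the ambiguous ones.
function collisions(host, jar) {
  const counts = {};
  for (const c of cookiesFor(host, jar)) counts[c.name] = (counts[c.name] || 0) + 1;
  return Object.keys(counts).filter((n) => counts[n] > 1);
}

// Constructed jar: production visited first (created: 1), then beta (created: 2).
// Session cookie names are hypothetical; the post only says they differ per site.
const jar = [
  { name: "XSRF-TOKEN", value: "prod-token", domain: ".mysite.com", path: "/", created: 1 },
  { name: "prod_session", value: "p", domain: ".mysite.com", path: "/", created: 1 },
  { name: "XSRF-TOKEN", value: "beta-token", domain: "beta.mysite.com", path: "/", created: 2 },
  { name: "beta_session", value: "b", domain: "beta.mysite.com", path: "/", created: 2 },
];

console.log(collisions("beta.mysite.com", jar)); // names sent twice to the beta host
console.log(serverView("beta.mysite.com", jar)["XSRF-TOKEN"]); // value the beta app reads
```

The differently named session cookies both reach beta.mysite.com without ambiguity, while the shared XSRF-TOKEN name arrives twice and the parent-domain value is the one read.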
