Level 8
because http://localhost is not your domain.
APP_URL=http://localhost:8000
SESSION_DOMAIN=http://localhost:8000
Jan 19, 2021
3
Level 4
Three cookies rejected for Invalid Domain on local dev machine
I'm having a problem with cookies, presumably some kind of CORS problem, but I don't know why. When I load my app on my local machine just running a standard php artisan serve server, the console shows:
Cookie “XSRF-TOKEN” has been rejected for invalid domain.
Cookie “appname_session” has been rejected for invalid domain.
Cookie “1Z1IE4mp5AZjYQ9KlnblgapiAgpRfI3kjQ8RY0JB” has been rejected for invalid domain.
In my .env, I have the following:
APP_URL=http://localhost
SESSION_DOMAIN=http://localhost
I've tried various versions of that, with and without port number, quotes etc. Any ideas?
Level 4
Oh, believe me, I have tried it with the port number. I've tried it with and without http. I've tried 127.0.0.1. I've tried every combination I can think of.
Level 17
I am running L9 sanctum app on 127.0.0.1:8000 and a SPA on VScode live server at 127.0.0.1:5500. I had this issue after days of trying to get past the CORS issues and figure out proper config for Sanctum. Good news is if you are seeing these errors then you are finally past the Sanctum part and the last issue is session config (probably similar if not the exact same whether using sanctum or plain Laravel).
I changed my session domain in .env to SESSION_DOMAIN='127.0.0.1'
No port number because 127.0.0.1 is the domain both front and backend are being served from.
My APP_URL is set to the default http://myappname.test. I don't think it comes into play here at all if you are running on php artisan serve but I'm assuming both settings should be set to an actual domain once it is uploaded to a real server for production.
2 likes
Please or to participate in this conversation.