Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

Amr_Mesbah's avatar

Unauthenticated session

Routes/api.php => Route::get('/isAuthenticated', [AuthController::class, 'userAuth'])->middleware('auth:sanctum');

I am using sessions on authentication. When trying to hit the api endpoint from my local angular server it always returns {message: "Unauthenticated."}

my backend server deployed on bluehost and when I hit this api from the deployed angular project it works. but throw this error for the local angular server

Can anyone help!

0 likes
3 replies
LaryAI's avatar
LaryAI
AI
1 year ago
Level 58

The issue you're experiencing is likely related to CORS (Cross-Origin Resource Sharing) or the way cookies are handled between your local development environment and the deployed server. Here are a few steps you can take to resolve this:

  1. CORS Configuration: Ensure that your Laravel application is configured to accept requests from your local development environment. You can do this by setting up CORS in your app/Http/Middleware/HandleCors.php or using a package like fruitcake/laravel-cors.

    Here's a basic example of how you might configure CORS in config/cors.php:

    return [
    'paths' => ['api/*'],
    'allowed_methods' => ['*'],
    'allowed_origins' => ['http://localhost:4200'], // Adjust this to match your local Angular server
    'allowed_headers' => ['*'],
    'exposed_headers' => [],
    'max_age' => 0,
    'supports_credentials' => true,
];

  2. Sanctum Configuration: If you're using Laravel Sanctum for authentication, ensure that your SANCTUM_STATEFUL_DOMAINS environment variable is set correctly. This should include your local development domain.

    In your .env file:

    SANCTUM_STATEFUL_DOMAINS=localhost:4200
SESSION_DOMAIN=localhost

  3. Session Configuration: Make sure your session configuration is set to use cookies and that the domain is correctly set for your local environment.

    In your config/session.php:

    'domain' => env('SESSION_DOMAIN', null),
'secure' => env('SESSION_SECURE_COOKIE', false),

  4. Check Cookies: Ensure that your local Angular application is sending cookies with requests. This is necessary for session-based authentication to work. You might need to configure your HTTP client to include credentials:

    In Angular, you can configure this in your HTTP requests:

    this.http.get('http://your-backend-url/api/isAuthenticated', { withCredentials: true })
    .subscribe(response => {
        console.log(response);
    });

  5. Network Issues: Double-check that there are no network issues or firewalls blocking requests from your local environment to the server.

By following these steps, you should be able to resolve the "Unauthenticated" error when accessing your API from a local Angular server. If the problem persists, consider checking the network tab in your browser's developer tools for more detailed error messages.

vincent15000's avatar

How do you authenticate users ?

Can you show the backend code for the authentication ?

And the frontend one too ?

1 like
jlrdw's avatar

I don't understand using session here, an API is stateless. Is this an SPA.

Perhaps a regular web app would be better suited.

1 like

Please or to participate in this conversation.