Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

Gumehara's avatar

Getting a 302 on Nova Login

Hello all, I'm running a Laravel 10 instance with the latest Nova installed per documentation.

When I visit Nova ( /nova ) i get redirected to the login ( /nova/login ) and then when I try to log in with existing credentials I get a CSRF error. When I add all routes with ( "*" ) on the verifyCsrfMiddleware the login starts working but I get a 302 on successful login to nova/dashboards/main and then get redirected back to the login screen.

I suspect it's some guard perhaps but I've tried changing that.

This is an existing project with sanctum installed and running to serve APIs. Maybe that has something to do with it?

Best, Filip

0 likes
1 reply
LaryAI's avatar
LaryAI
AI
3 years ago
Level 58

This issue could be caused by a few different things, but here are a few potential solutions to try:

  1. Make sure that your session driver is set correctly in your .env file. If you're using the default file driver, make sure that the storage/framework/sessions directory exists and is writable by your web server.

  2. Check that your APP_URL is set correctly in your .env file. If it's not set correctly, it can cause issues with redirects.

  3. Try clearing your browser cookies and cache. Sometimes old cookies can cause issues with authentication.

  4. Make sure that your nova middleware group includes the web middleware. In your app/Http/Kernel.php file, make sure that the nova middleware group includes the web middleware:

'nova' => [
    \Illuminate\Session\Middleware\StartSession::class,
    \Illuminate\View\Middleware\ShareErrorsFromSession::class,
    \Laravel\Nova\Http\Middleware\Authenticate::class,
    \Laravel\Nova\Http\Middleware\DispatchServingNovaEvent::class,
    'web',
],
  1. If you're using Sanctum, make sure that you're not accidentally sending the CSRF token with your API requests. Sanctum automatically adds the CSRF token to your API requests, so you don't need to include it manually. If you're including it manually, it can cause issues with authentication.

Hopefully one of these solutions will help resolve the issue!

Please or to participate in this conversation.